diff --git a/charts/argocd/Chart.lock b/charts/argocd/Chart.lock index f8b65043..40da278a 100644 --- a/charts/argocd/Chart.lock +++ b/charts/argocd/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: argo-cd repository: https://argoproj.github.io/argo-helm - version: 8.0.1 -digest: sha256:ba6c49d64851ea12a80e5c30e96ce38ebff712aa90678955595479f613e12089 -generated: "2025-05-14T10:23:53.65818767Z" + version: 8.0.17 +digest: sha256:318a3e3937e20699a2cc5783521e9fce05e112dd9974813fa516cc5ce588cacc +generated: "2025-06-11T10:25:08.295670884Z" diff --git a/charts/argocd/Chart.yaml b/charts/argocd/Chart.yaml index b29e4f01..1ff7f6a4 100644 --- a/charts/argocd/Chart.yaml +++ b/charts/argocd/Chart.yaml @@ -2,11 +2,11 @@ apiVersion: v2 name: argocd description: A Helm chart for Kubernetes type: application -version: 0.1.3 +version: 0.1.4 appVersion: "2.14.4" dependencies: - name: argo-cd - version: 8.0.1 + version: 8.0.17 repository: "https://argoproj.github.io/argo-helm" alias: argocd maintainers: diff --git a/charts/argocd/README.md b/charts/argocd/README.md index c88faadb..ce42d578 100644 --- a/charts/argocd/README.md +++ b/charts/argocd/README.md @@ -1,6 +1,6 @@ # argocd -![Version: 0.1.3](https://img.shields.io/badge/Version-0.1.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.14.4](https://img.shields.io/badge/AppVersion-2.14.4-informational?style=flat-square) +![Version: 0.1.4](https://img.shields.io/badge/Version-0.1.4-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.14.4](https://img.shields.io/badge/AppVersion-2.14.4-informational?style=flat-square) ## Prerequisites @@ -11,7 +11,7 @@ | Repository | Name | Version | |------------|------|---------| -| https://argoproj.github.io/argo-helm | argocd(argo-cd) | 8.0.1 | +| https://argoproj.github.io/argo-helm | argocd(argo-cd) | 8.0.17 | ## Maintainers @@ -220,6 +220,7 @@ A Helm chart for Kubernetes | argocd.configs.params."controller.self.heal.timeout.seconds" | int | `5` | Specifies timeout between application self heal attempts | | argocd.configs.params."controller.status.processors" | int | `20` | Number of application status processors | | argocd.configs.params."controller.sync.timeout.seconds" | int | `0` | Specifies the timeout after which a sync would be terminated. 0 means no timeout | +| argocd.configs.params."hydrator.enabled" | bool | `false` | Enable the hydrator feature (hydrator is in Alpha phase) | | argocd.configs.params."otlp.address" | string | `""` | Open-Telemetry collector address: (e.g. "otel-collector:4317") | | argocd.configs.params."reposerver.parallelism.limit" | int | `0` | Limit on number of concurrent manifests generate requests. Any value less the 1 means no limit. | | argocd.configs.params."server.basehref" | string | `"/"` | Value for base href in index.html. Used if Argo CD is running behind reverse proxy under subpath different from / | @@ -370,7 +371,7 @@ A Helm chart for Kubernetes | argocd.dex.extraContainers | list | `[]` | Additional containers to be added to the dex pod # Note: Supports use of custom Helm templates | | argocd.dex.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Dex imagePullPolicy | | argocd.dex.image.repository | string | `"ghcr.io/dexidp/dex"` | Dex image repository | -| argocd.dex.image.tag | string | `"v2.42.1"` | Dex image tag | +| argocd.dex.image.tag | string | `"v2.43.1"` | Dex image tag | | argocd.dex.imagePullSecrets | list | `[]` (defaults to global.imagePullSecrets) | Secrets with credentials to pull images from a private registry | | argocd.dex.initContainers | list | `[]` | Init containers to add to the dex pod # Note: Supports use of custom Helm templates | | argocd.dex.initImage.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Argo CD init image imagePullPolicy | @@ -436,7 +437,7 @@ A Helm chart for Kubernetes | argocd.dex.topologySpreadConstraints | list | `[]` (defaults to global.topologySpreadConstraints) | Assign custom [TopologySpreadConstraints] rules to dex # Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/ # If labelSelector is left out, it will default to the labelSelector configuration of the deployment | | argocd.dex.volumeMounts | list | `[]` | Additional volumeMounts to the dex main container | | argocd.dex.volumes | list | `[]` | Additional volumes to the dex pod | -| argocd.externalRedis.existingSecret | string | `""` | The name of an existing secret with Redis (must contain key `redis-password`) and Sentinel credentials. When it's set, the `externalRedis.password` parameter is ignored | +| argocd.externalRedis.existingSecret | string | `""` | The name of an existing secret with Redis (must contain key `redis-password`. And should contain `redis-username` if username is not `default`) and Sentinel credentials. When it's set, the `externalRedis.username` and `externalRedis.password` parameters are ignored | | argocd.externalRedis.host | string | `""` | External Redis server host | | argocd.externalRedis.password | string | `""` | External Redis password | | argocd.externalRedis.port | int | `6379` | External Redis server port | @@ -574,11 +575,12 @@ A Helm chart for Kubernetes | argocd.redis-ha.haproxy.containerSecurityContext | object | See [values.yaml] | HAProxy container-level security context | | argocd.redis-ha.haproxy.enabled | bool | `true` | Enabled HAProxy LoadBalancing/Proxy | | argocd.redis-ha.haproxy.hardAntiAffinity | bool | `true` | Whether the haproxy pods should be forced to run on separate nodes. | +| argocd.redis-ha.haproxy.image.repository | string | `"ecr-public.aws.com/docker/library/haproxy"` | HAProxy Image Repository | | argocd.redis-ha.haproxy.labels | object | `{"app.kubernetes.io/name":"argocd-redis-ha-haproxy"}` | Custom labels for the haproxy pod. This is relevant for Argo CD CLI. | | argocd.redis-ha.haproxy.metrics.enabled | bool | `true` | HAProxy enable prometheus metric scraping | | argocd.redis-ha.haproxy.tolerations | list | `[]` | [Tolerations] for use with node taints for haproxy pods. | | argocd.redis-ha.hardAntiAffinity | bool | `true` | Whether the Redis server pods should be forced to run on separate nodes. | -| argocd.redis-ha.image.repository | string | `"public.ecr.aws/docker/library/redis"` | Redis repository | +| argocd.redis-ha.image.repository | string | `"ecr-public.aws.com/docker/library/redis"` | Redis repository | | argocd.redis-ha.image.tag | string | `"7.2.8-alpine"` | Redis tag # Do not upgrade to >= 7.4.0, otherwise you are no longer using an open source version of Redis | | argocd.redis-ha.persistentVolume.enabled | bool | `false` | Configures persistence on Redis nodes | | argocd.redis-ha.redis.config | object | See [values.yaml] | Any valid redis config options in this section will be applied to each server (see `redis-ha` chart) | @@ -606,7 +608,7 @@ A Helm chart for Kubernetes | argocd.redis.exporter.env | list | `[]` | Environment variables to pass to the Redis exporter | | argocd.redis.exporter.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Image pull policy for the redis-exporter | | argocd.redis.exporter.image.repository | string | `"ghcr.io/oliver006/redis_exporter"` | Repository to use for the redis-exporter | -| argocd.redis.exporter.image.tag | string | `"v1.71.0"` | Tag to use for the redis-exporter | +| argocd.redis.exporter.image.tag | string | `"v1.74.0"` | Tag to use for the redis-exporter | | argocd.redis.exporter.livenessProbe.enabled | bool | `false` | Enable Kubernetes liveness probe for Redis exporter | | argocd.redis.exporter.livenessProbe.failureThreshold | int | `5` | Minimum consecutive failures for the [probe] to be considered failed after having succeeded | | argocd.redis.exporter.livenessProbe.initialDelaySeconds | int | `30` | Number of seconds after the container has started before [probe] is initiated | @@ -623,7 +625,7 @@ A Helm chart for Kubernetes | argocd.redis.extraArgs | list | `[]` | Additional command line arguments to pass to redis-server | | argocd.redis.extraContainers | list | `[]` | Additional containers to be added to the redis pod # Note: Supports use of custom Helm templates | | argocd.redis.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Redis image pull policy | -| argocd.redis.image.repository | string | `"public.ecr.aws/docker/library/redis"` | Redis repository | +| argocd.redis.image.repository | string | `"ecr-public.aws.com/docker/library/redis"` | Redis repository | | argocd.redis.image.tag | string | `"7.2.8-alpine"` | Redis tag # Do not upgrade to >= 7.4.0, otherwise you are no longer using an open source version of Redis | | argocd.redis.imagePullSecrets | list | `[]` (defaults to global.imagePullSecrets) | Secrets with credentials to pull images from a private registry | | argocd.redis.initContainers | list | `[]` | Init containers to add to the redis pod # Note: Supports use of custom Helm templates | @@ -989,7 +991,7 @@ spec: source: repoURL: "https://edixos.github.io/ekp-helm" - targetRevision: "0.1.3" + targetRevision: "0.1.4" chart: argocd path: '' helm: diff --git a/charts/argocd/charts/argo-cd-8.0.1.tgz b/charts/argocd/charts/argo-cd-8.0.1.tgz deleted file mode 100644 index cd15af30..00000000 Binary files a/charts/argocd/charts/argo-cd-8.0.1.tgz and /dev/null differ diff --git a/charts/argocd/charts/argo-cd-8.0.17.tgz b/charts/argocd/charts/argo-cd-8.0.17.tgz new file mode 100644 index 00000000..eb18277b Binary files /dev/null and b/charts/argocd/charts/argo-cd-8.0.17.tgz differ diff --git a/charts/argocd/values.yaml b/charts/argocd/values.yaml index 25e7fd2f..5515149e 100644 --- a/charts/argocd/values.yaml +++ b/charts/argocd/values.yaml @@ -438,6 +438,8 @@ argocd: server.enable.gzip: true # -- Enable proxy extension feature. (proxy extension is in Alpha phase) server.enable.proxy.extension: false + # -- Enable the hydrator feature (hydrator is in Alpha phase) + hydrator.enabled: false # -- Set X-Frame-Options header in HTTP responses to value. To disable, set to "". server.x.frame.options: sameorigin @@ -1172,7 +1174,7 @@ argocd: # -- Dex image repository repository: ghcr.io/dexidp/dex # -- Dex image tag - tag: v2.42.1 + tag: v2.43.1 # -- Dex imagePullPolicy # @default -- `""` (defaults to global.image.imagePullPolicy) imagePullPolicy: "" @@ -1435,7 +1437,7 @@ argocd: ## Redis image image: # -- Redis repository - repository: public.ecr.aws/docker/library/redis + repository: ecr-public.aws.com/docker/library/redis # -- Redis tag ## Do not upgrade to >= 7.4.0, otherwise you are no longer using an open source version of Redis tag: 7.2.8-alpine @@ -1454,7 +1456,7 @@ argocd: # -- Repository to use for the redis-exporter repository: ghcr.io/oliver006/redis_exporter # -- Tag to use for the redis-exporter - tag: v1.71.0 + tag: v1.74.0 # -- Image pull policy for the redis-exporter # @default -- `""` (defaults to global.image.imagePullPolicy) imagePullPolicy: "" @@ -1722,7 +1724,7 @@ argocd: ## Redis image image: # -- Redis repository - repository: public.ecr.aws/docker/library/redis + repository: ecr-public.aws.com/docker/library/redis # -- Redis tag ## Do not upgrade to >= 7.4.0, otherwise you are no longer using an open source version of Redis tag: 7.2.8-alpine @@ -1754,6 +1756,9 @@ argocd: # -- Custom labels for the haproxy pod. This is relevant for Argo CD CLI. labels: app.kubernetes.io/name: argocd-redis-ha-haproxy + image: + # -- HAProxy Image Repository + repository: ecr-public.aws.com/docker/library/haproxy metrics: # -- HAProxy enable prometheus metric scraping enabled: true @@ -1818,8 +1823,8 @@ argocd: password: "" # -- External Redis server port port: 6379 - # -- The name of an existing secret with Redis (must contain key `redis-password`) and Sentinel credentials. - # When it's set, the `externalRedis.password` parameter is ignored + # -- The name of an existing secret with Redis (must contain key `redis-password`. And should contain `redis-username` if username is not `default`) and Sentinel credentials. + # When it's set, the `externalRedis.username` and `externalRedis.password` parameters are ignored existingSecret: "" # -- External Redis Secret annotations secretAnnotations: {} diff --git a/charts/cert-manager/Chart.lock b/charts/cert-manager/Chart.lock index ba361324..90c96eb2 100644 --- a/charts/cert-manager/Chart.lock +++ b/charts/cert-manager/Chart.lock @@ -1,12 +1,12 @@ dependencies: - name: cert-manager repository: https://charts.jetstack.io - version: v1.17.2 + version: v1.18.0 - name: gcp-workload-identity repository: https://edixos.github.io/ekp-helm version: 0.1.1 - name: gcp-iam-policy-members repository: https://edixos.github.io/ekp-helm version: 0.1.2 -digest: sha256:332d9476ee0ae270e6ab49c0a8474c4a9ded472b0198920ab2f457119509c2f8 -generated: "2025-05-07T10:23:12.154607043Z" +digest: sha256:3bc7234077ec45ee89dda449becd0840b348bb3e53e19b790a24d846adc81e17 +generated: "2025-06-11T10:23:19.911489137Z" diff --git a/charts/cert-manager/Chart.yaml b/charts/cert-manager/Chart.yaml index e45f8d04..ed837ee9 100644 --- a/charts/cert-manager/Chart.yaml +++ b/charts/cert-manager/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: cert-manager description: A Helm chart for cert-manager type: application -version: 0.1.3 +version: 0.1.4 appVersion: "1.17.1" maintainers: - name: wiemaouadi @@ -13,7 +13,7 @@ maintainers: url: https://github.com/smileisak dependencies: - name: cert-manager - version: "v1.17.2" + version: "v1.18.0" repository: "https://charts.jetstack.io" alias: certmanager - name: gcp-workload-identity diff --git a/charts/cert-manager/README.md b/charts/cert-manager/README.md index 3e99aee1..2e108266 100644 --- a/charts/cert-manager/README.md +++ b/charts/cert-manager/README.md @@ -1,6 +1,6 @@ # cert-manager -![Version: 0.1.3](https://img.shields.io/badge/Version-0.1.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.17.1](https://img.shields.io/badge/AppVersion-1.17.1-informational?style=flat-square) +![Version: 0.1.4](https://img.shields.io/badge/Version-0.1.4-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.17.1](https://img.shields.io/badge/AppVersion-1.17.1-informational?style=flat-square) ## Prerequisites @@ -11,7 +11,7 @@ | Repository | Name | Version | |------------|------|---------| -| https://charts.jetstack.io | certmanager(cert-manager) | v1.17.2 | +| https://charts.jetstack.io | certmanager(cert-manager) | v1.18.0 | | https://edixos.github.io/ekp-helm | iamPolicyMembers(gcp-iam-policy-members) | 0.1.2 | | https://edixos.github.io/ekp-helm | workloadIdentity(gcp-workload-identity) | 0.1.1 | @@ -89,6 +89,7 @@ A Helm chart for cert-manager | certmanager.global.priorityClassName | string | `""` | | | certmanager.global.rbac.aggregateClusterRoles | bool | `true` | | | certmanager.global.rbac.create | bool | `true` | | +| certmanager.global.rbac.disableHTTPChallengesRole | bool | `false` | | | certmanager.hostAliases | list | `[]` | | | certmanager.image.pullPolicy | string | `"IfNotPresent"` | | | certmanager.image.repository | string | `"quay.io/jetstack/cert-manager-controller"` | | @@ -124,7 +125,7 @@ A Helm chart for cert-manager | certmanager.prometheus.servicemonitor.path | string | `"/metrics"` | | | certmanager.prometheus.servicemonitor.prometheusInstance | string | `"default"` | | | certmanager.prometheus.servicemonitor.scrapeTimeout | string | `"30s"` | | -| certmanager.prometheus.servicemonitor.targetPort | int | `9402` | | +| certmanager.prometheus.servicemonitor.targetPort | string | `"http-metrics"` | | | certmanager.replicaCount | int | `1` | | | certmanager.resources | object | `{}` | | | certmanager.securityContext.runAsNonRoot | bool | `true` | | @@ -273,7 +274,7 @@ spec: source: repoURL: "https://edixos.github.io/ekp-helm" - targetRevision: "0.1.3" + targetRevision: "0.1.4" chart: cert-manager path: '' helm: diff --git a/charts/cert-manager/charts/cert-manager-v1.17.2.tgz b/charts/cert-manager/charts/cert-manager-v1.17.2.tgz deleted file mode 100644 index 770113d1..00000000 Binary files a/charts/cert-manager/charts/cert-manager-v1.17.2.tgz and /dev/null differ diff --git a/charts/cert-manager/charts/cert-manager-v1.18.0.tgz b/charts/cert-manager/charts/cert-manager-v1.18.0.tgz new file mode 100644 index 00000000..7ed77675 Binary files /dev/null and b/charts/cert-manager/charts/cert-manager-v1.18.0.tgz differ diff --git a/charts/cert-manager/values.yaml b/charts/cert-manager/values.yaml index 8d554e22..12ebc6e5 100644 --- a/charts/cert-manager/values.yaml +++ b/charts/cert-manager/values.yaml @@ -50,6 +50,9 @@ certmanager: create: true # Aggregate ClusterRoles to Kubernetes default user-facing roles. For more information, see [User-facing roles](https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles) aggregateClusterRoles: true + # To use HTTP-01 ACME challenges, cert-manager needs extra permissions to create pods. + # If you want to avoid this added permission and disable HTTP-01 set this value. + disableHTTPChallengesRole: false podSecurityPolicy: # Create PodSecurityPolicy for cert-manager. @@ -134,14 +137,14 @@ certmanager: enabled: false # This configures the minimum available pods for disruptions. It can either be set to - # an integer (e.g. 1) or a percentage value (e.g. 25%). + # an integer (e.g., 1) or a percentage value (e.g., 25%). # It cannot be used if `maxUnavailable` is set. # +docs:property # +docs:type=unknown # minAvailable: 1 # This configures the maximum unavailable pods for disruptions. It can either be set to - # an integer (e.g. 1) or a percentage value (e.g. 25%). + # an integer (e.g., 1) or a percentage value (e.g., 25%). # it cannot be used if `minAvailable` is set. # +docs:property # +docs:type=unknown @@ -193,7 +196,7 @@ certmanager: # Override the "cert-manager.name" value, which is used to annotate some of # the resources that are created by this Chart (using "app.kubernetes.io/name"). # NOTE: There are some inconsistencies in the Helm chart when it comes to - # these annotations (some resources use eg. "cainjector.name" which resolves + # these annotations (some resources use, e.g., "cainjector.name" which resolves # to the value "cainjector"). # +docs:property # nameOverride: "my-cert-manager" @@ -248,10 +251,10 @@ certmanager: # kubernetesAPIBurst: 9000 # numberOfConcurrentWorkers: 200 # enableGatewayAPI: true - # # Feature gates as of v1.17.0. Listed with their default values. + # # Feature gates as of v1.18.0. Listed with their default values. # # See https://cert-manager.io/docs/cli/controller/ # featureGates: - # AdditionalCertificateOutputFormats: true # BETA - default=true + # AdditionalCertificateOutputFormats: true # GA - default=true # AllAlpha: false # ALPHA - default=false # AllBeta: false # BETA - default=false # ExperimentalCertificateSigningRequestControllers: false # ALPHA - default=false @@ -263,7 +266,7 @@ certmanager: # ServerSideApply: false # ALPHA - default=false # StableCertificateRequestName: true # BETA - default=true # UseCertificateRequestBasicConstraints: false # ALPHA - default=false - # UseDomainQualifiedFinalizer: true # BETA - default=false + # UseDomainQualifiedFinalizer: true # GA - default=true # ValidateCAA: false # ALPHA - default=false # # Configure the metrics server for TLS # # See https://cert-manager.io/docs/devops-tips/prometheus-metrics/#tls @@ -295,7 +298,7 @@ certmanager: # referencing these signer names will be auto-approved by cert-manager. Defaults to just # approving the cert-manager.io Issuer and ClusterIssuer issuers. When set to an empty # array, ALL issuers will be auto-approved by cert-manager. To disable the auto-approval, - # because eg. you are using approver-policy, you can enable 'disableAutoApproval'. + # because, e.g., you are using approver-policy, you can enable 'disableAutoApproval'. # ref: https://cert-manager.io/docs/concepts/certificaterequest/#approval # +docs:property approveSignerNames: @@ -519,7 +522,7 @@ certmanager: # ServiceMonitor resource. # Otherwise, 'prometheus.io' annotations are added to the cert-manager and # cert-manager-webhook Deployments. - # Note that you can not enable both PodMonitor and ServiceMonitor as they are + # Note that you cannot enable both PodMonitor and ServiceMonitor as they are # mutually exclusive. Enabling both will result in an error. enabled: true @@ -539,7 +542,8 @@ certmanager: # The target port to set on the ServiceMonitor. This must match the port that the # cert-manager controller is listening on for metrics. - targetPort: 9402 + # +docs:type=string,integer + targetPort: http-metrics # The path to scrape for metrics. path: /metrics @@ -573,7 +577,7 @@ certmanager: # +docs:property endpointAdditionalProperties: {} - # Note that you can not enable both PodMonitor and ServiceMonitor as they are mutually exclusive. Enabling both will result in an error. + # Note that you cannot enable both PodMonitor and ServiceMonitor as they are mutually exclusive. Enabling both will result in an error. podmonitor: # Create a PodMonitor to add cert-manager to Prometheus. enabled: false @@ -723,14 +727,14 @@ certmanager: enabled: false # This property configures the minimum available pods for disruptions. Can either be set to - # an integer (e.g. 1) or a percentage value (e.g. 25%). + # an integer (e.g., 1) or a percentage value (e.g., 25%). # It cannot be used if `maxUnavailable` is set. # +docs:property # +docs:type=unknown # minAvailable: 1 # This property configures the maximum unavailable pods for disruptions. Can either be set to - # an integer (e.g. 1) or a percentage value (e.g. 25%). + # an integer (e.g., 1) or a percentage value (e.g., 25%). # It cannot be used if `minAvailable` is set. # +docs:property # +docs:type=unknown @@ -1090,14 +1094,14 @@ certmanager: enabled: false # `minAvailable` configures the minimum available pods for disruptions. It can either be set to - # an integer (e.g. 1) or a percentage value (e.g. 25%). + # an integer (e.g., 1) or a percentage value (e.g., 25%). # Cannot be used if `maxUnavailable` is set. # +docs:property # +docs:type=unknown # minAvailable: 1 # `maxUnavailable` configures the maximum unavailable pods for disruptions. It can either be set to - # an integer (e.g. 1) or a percentage value (e.g. 25%). + # an integer (e.g., 1) or a percentage value (e.g., 25%). # Cannot be used if `minAvailable` is set. # +docs:property # +docs:type=unknown diff --git a/charts/eso/Chart.lock b/charts/eso/Chart.lock index 5be1b4bf..3c5fef74 100644 --- a/charts/eso/Chart.lock +++ b/charts/eso/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: external-secrets repository: https://charts.external-secrets.io - version: 0.16.2 -digest: sha256:94cbf896c19437687c2804fc14c7937cd9b12f6d70cc32b1a78aa323777580cb -generated: "2025-05-14T10:23:28.800416977Z" + version: 0.17.0 +digest: sha256:532d8d7a0d372e76106706c581c7897c48ce291882a925a54243adbeab931483 +generated: "2025-06-11T10:23:36.786042808Z" diff --git a/charts/eso/Chart.yaml b/charts/eso/Chart.yaml index 31b9c963..17fa5997 100644 --- a/charts/eso/Chart.yaml +++ b/charts/eso/Chart.yaml @@ -2,11 +2,11 @@ apiVersion: v2 name: eso description: A Helm chart ESO for Kubernetes type: application -version: 0.1.4 +version: 0.1.5 appVersion: "0.14.2" dependencies: - name: external-secrets - version: 0.16.2 + version: 0.17.0 repository: https://charts.external-secrets.io alias: eso maintainers: diff --git a/charts/eso/README.md b/charts/eso/README.md index fb6aba26..9ef5c39b 100644 --- a/charts/eso/README.md +++ b/charts/eso/README.md @@ -1,6 +1,6 @@ # eso -![Version: 0.1.4](https://img.shields.io/badge/Version-0.1.4-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.14.2](https://img.shields.io/badge/AppVersion-0.14.2-informational?style=flat-square) +![Version: 0.1.5](https://img.shields.io/badge/Version-0.1.5-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.14.2](https://img.shields.io/badge/AppVersion-0.14.2-informational?style=flat-square) ## Prerequisites @@ -11,7 +11,7 @@ | Repository | Name | Version | |------------|------|---------| -| https://charts.external-secrets.io | eso(external-secrets) | 0.16.2 | +| https://charts.external-secrets.io | eso(external-secrets) | 0.17.0 | ## Maintainers @@ -266,7 +266,7 @@ spec: source: repoURL: "https://edixos.github.io/ekp-helm" - targetRevision: "0.1.4" + targetRevision: "0.1.5" chart: eso path: '' diff --git a/charts/eso/charts/external-secrets-0.16.2.tgz b/charts/eso/charts/external-secrets-0.16.2.tgz deleted file mode 100644 index 110c6b39..00000000 Binary files a/charts/eso/charts/external-secrets-0.16.2.tgz and /dev/null differ diff --git a/charts/eso/charts/external-secrets-0.17.0.tgz b/charts/eso/charts/external-secrets-0.17.0.tgz new file mode 100644 index 00000000..9b5d66ca Binary files /dev/null and b/charts/eso/charts/external-secrets-0.17.0.tgz differ diff --git a/charts/ingress-nginx/Chart.lock b/charts/ingress-nginx/Chart.lock index 17b9b6c0..cba26fda 100644 --- a/charts/ingress-nginx/Chart.lock +++ b/charts/ingress-nginx/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: ingress-nginx repository: https://kubernetes.github.io/ingress-nginx - version: 4.12.2 -digest: sha256:b58107199720c48a5d00da482ca4cfef20f3971db28ac19aa2158d8f3ee70158 -generated: "2025-05-07T10:25:43.915827482Z" + version: 4.12.3 +digest: sha256:43a2579a2023546aa2557a4c4fa1df5606fa916ade8fe7df19095a9403676603 +generated: "2025-06-11T10:24:18.51365235Z" diff --git a/charts/ingress-nginx/Chart.yaml b/charts/ingress-nginx/Chart.yaml index dd3bf33f..c82e4a18 100644 --- a/charts/ingress-nginx/Chart.yaml +++ b/charts/ingress-nginx/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: ingress-nginx description: A Helm chart for Kubernetes type: application -version: 0.1.3 +version: 0.1.4 appVersion: "1.12.1" maintainers: - name: ilyasabdellaoui @@ -10,6 +10,6 @@ maintainers: url: https://github.com/ilyasabdellaoui dependencies: - name: ingress-nginx - version: 4.12.2 + version: 4.12.3 repository: "https://kubernetes.github.io/ingress-nginx" alias: ingressNginx diff --git a/charts/ingress-nginx/README.md b/charts/ingress-nginx/README.md index 8f5d6dbb..1efd6e6a 100644 --- a/charts/ingress-nginx/README.md +++ b/charts/ingress-nginx/README.md @@ -1,6 +1,6 @@ # ingress-nginx -![Version: 0.1.3](https://img.shields.io/badge/Version-0.1.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.12.1](https://img.shields.io/badge/AppVersion-1.12.1-informational?style=flat-square) +![Version: 0.1.4](https://img.shields.io/badge/Version-0.1.4-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.12.1](https://img.shields.io/badge/AppVersion-1.12.1-informational?style=flat-square) ## Prerequisites @@ -11,7 +11,7 @@ | Repository | Name | Version | |------------|------|---------| -| https://kubernetes.github.io/ingress-nginx | ingressNginx(ingress-nginx) | 4.12.2 | +| https://kubernetes.github.io/ingress-nginx | ingressNginx(ingress-nginx) | 4.12.3 | ## Maintainers @@ -46,10 +46,10 @@ A Helm chart for Kubernetes | ingressNginx.controller.admissionWebhooks.namespaceSelector | object | `{}` | | | ingressNginx.controller.admissionWebhooks.objectSelector | object | `{}` | | | ingressNginx.controller.admissionWebhooks.patch.enabled | bool | `true` | | -| ingressNginx.controller.admissionWebhooks.patch.image.digest | string | `"sha256:2cf4ebfa82a37c357455458f6dfc334aea1392d508270b2517795a9933a02524"` | | +| ingressNginx.controller.admissionWebhooks.patch.image.digest | string | `"sha256:7a38cf0f8480775baaee71ab519c7465fd1dfeac66c421f28f087786e631456e"` | | | ingressNginx.controller.admissionWebhooks.patch.image.image | string | `"ingress-nginx/kube-webhook-certgen"` | | | ingressNginx.controller.admissionWebhooks.patch.image.pullPolicy | string | `"IfNotPresent"` | | -| ingressNginx.controller.admissionWebhooks.patch.image.tag | string | `"v1.5.3"` | | +| ingressNginx.controller.admissionWebhooks.patch.image.tag | string | `"v1.5.4"` | | | ingressNginx.controller.admissionWebhooks.patch.labels | object | `{}` | Labels to be added to patch job resources | | ingressNginx.controller.admissionWebhooks.patch.networkPolicy.enabled | bool | `false` | Enable 'networkPolicy' or not | | ingressNginx.controller.admissionWebhooks.patch.nodeSelector."kubernetes.io/os" | string | `"linux"` | | @@ -116,8 +116,8 @@ A Helm chart for Kubernetes | ingressNginx.controller.hostname | object | `{}` | Optionally customize the pod hostname. | | ingressNginx.controller.image.allowPrivilegeEscalation | bool | `false` | | | ingressNginx.controller.image.chroot | bool | `false` | | -| ingressNginx.controller.image.digest | string | `"sha256:03497ee984628e95eca9b2279e3f3a3c1685dd48635479e627d219f00c8eefa9"` | | -| ingressNginx.controller.image.digestChroot | string | `"sha256:a697e2bfa419768315250d079ccbbca45f6099c60057769702b912d20897a574"` | | +| ingressNginx.controller.image.digest | string | `"sha256:ac444cd9515af325ba577b596fe4f27a34be1aa330538e8b317ad9d6c8fb94ee"` | | +| ingressNginx.controller.image.digestChroot | string | `"sha256:d830fba93e9e0f5ef1462f5fe8a7cd7b167178b79e6c10c041c7da19f1ac66ab"` | | | ingressNginx.controller.image.image | string | `"ingress-nginx/controller"` | | | ingressNginx.controller.image.pullPolicy | string | `"IfNotPresent"` | | | ingressNginx.controller.image.readOnlyRootFilesystem | bool | `false` | | @@ -125,7 +125,7 @@ A Helm chart for Kubernetes | ingressNginx.controller.image.runAsNonRoot | bool | `true` | | | ingressNginx.controller.image.runAsUser | int | `101` | This value must not be changed using the official image. uid=101(www-data) gid=82(www-data) groups=82(www-data) | | ingressNginx.controller.image.seccompProfile.type | string | `"RuntimeDefault"` | | -| ingressNginx.controller.image.tag | string | `"v1.12.2"` | | +| ingressNginx.controller.image.tag | string | `"v1.12.3"` | | | ingressNginx.controller.ingressClass | string | `"nginx"` | For backwards compatibility with ingress.class annotation, use ingressClass. Algorithm is as follows, first ingressClassName is considered, if not present, controller looks for ingress.class annotation | | ingressNginx.controller.ingressClassByName | bool | `false` | Process IngressClass per name (additionally as per spec.controller). | | ingressNginx.controller.ingressClassResource | object | `{"aliases":[],"annotations":{},"controllerValue":"k8s.io/ingress-nginx","default":false,"enabled":true,"name":"nginx","parameters":{}}` | This section refers to the creation of the IngressClass resource. IngressClasses are immutable and cannot be changed after creation. We do not support namespaced IngressClasses, yet, so a ClusterRole and a ClusterRoleBinding is required. | @@ -368,7 +368,7 @@ spec: source: repoURL: "https://edixos.github.io/ekp-helm" - targetRevision: "0.1.3" + targetRevision: "0.1.4" chart: ingress-nginx path: '' helm: diff --git a/charts/ingress-nginx/charts/ingress-nginx-4.12.2.tgz b/charts/ingress-nginx/charts/ingress-nginx-4.12.2.tgz deleted file mode 100644 index 937ad18d..00000000 Binary files a/charts/ingress-nginx/charts/ingress-nginx-4.12.2.tgz and /dev/null differ diff --git a/charts/ingress-nginx/charts/ingress-nginx-4.12.3.tgz b/charts/ingress-nginx/charts/ingress-nginx-4.12.3.tgz new file mode 100644 index 00000000..294466ea Binary files /dev/null and b/charts/ingress-nginx/charts/ingress-nginx-4.12.3.tgz differ diff --git a/charts/ingress-nginx/values.yaml b/charts/ingress-nginx/values.yaml index 4022f0da..9e01d02b 100644 --- a/charts/ingress-nginx/values.yaml +++ b/charts/ingress-nginx/values.yaml @@ -47,9 +47,9 @@ ingressNginx: ## for backwards compatibility consider setting the full image url via the repository value below ## use *either* current default registry/image or repository format or installing chart by providing the values.yaml will fail ## repository: - tag: "v1.12.2" - digest: sha256:03497ee984628e95eca9b2279e3f3a3c1685dd48635479e627d219f00c8eefa9 - digestChroot: sha256:a697e2bfa419768315250d079ccbbca45f6099c60057769702b912d20897a574 + tag: "v1.12.3" + digest: sha256:ac444cd9515af325ba577b596fe4f27a34be1aa330538e8b317ad9d6c8fb94ee + digestChroot: sha256:d830fba93e9e0f5ef1462f5fe8a7cd7b167178b79e6c10c041c7da19f1ac66ab pullPolicy: IfNotPresent runAsNonRoot: true # -- This value must not be changed using the official image. @@ -813,8 +813,8 @@ ingressNginx: ## for backwards compatibility consider setting the full image url via the repository value below ## use *either* current default registry/image or repository format or installing chart by providing the values.yaml will fail ## repository: - tag: v1.5.3 - digest: sha256:2cf4ebfa82a37c357455458f6dfc334aea1392d508270b2517795a9933a02524 + tag: v1.5.4 + digest: sha256:7a38cf0f8480775baaee71ab519c7465fd1dfeac66c421f28f087786e631456e pullPolicy: IfNotPresent # -- Provide a priority class name to the webhook patching job ## diff --git a/charts/kube-prometheus-stack/Chart.lock b/charts/kube-prometheus-stack/Chart.lock index f988a640..fa0eaac4 100644 --- a/charts/kube-prometheus-stack/Chart.lock +++ b/charts/kube-prometheus-stack/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: kube-prometheus-stack repository: https://prometheus-community.github.io/helm-charts - version: 72.3.1 -digest: sha256:0fa4db9176dd8b6927926ad48aefd95ae8ca6c7205f0b6fda94c18841017b934 -generated: "2025-05-14T10:23:41.25331317Z" + version: 73.2.0 +digest: sha256:98bdc61c43ef1be5a6efede0104775973929c46768e16d942f59ebc0e3c9ced4 +generated: "2025-06-11T10:25:20.934747281Z" diff --git a/charts/kube-prometheus-stack/Chart.yaml b/charts/kube-prometheus-stack/Chart.yaml index aa159653..e12969b4 100644 --- a/charts/kube-prometheus-stack/Chart.yaml +++ b/charts/kube-prometheus-stack/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.2 +version: 0.1.3 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to @@ -24,6 +24,6 @@ version: 0.1.2 appVersion: "v0.80.1" dependencies: - name: kube-prometheus-stack - version: 72.3.1 + version: 73.2.0 repository: "https://prometheus-community.github.io/helm-charts" alias: kubePrometheusStack diff --git a/charts/kube-prometheus-stack/README.md b/charts/kube-prometheus-stack/README.md index d124e9e5..1acf55cb 100644 --- a/charts/kube-prometheus-stack/README.md +++ b/charts/kube-prometheus-stack/README.md @@ -1,6 +1,6 @@ # kube-prometheus-stack -![Version: 0.1.2](https://img.shields.io/badge/Version-0.1.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.80.1](https://img.shields.io/badge/AppVersion-v0.80.1-informational?style=flat-square) +![Version: 0.1.3](https://img.shields.io/badge/Version-0.1.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.80.1](https://img.shields.io/badge/AppVersion-v0.80.1-informational?style=flat-square) ## Prerequisites @@ -11,7 +11,7 @@ | Repository | Name | Version | |------------|------|---------| -| https://prometheus-community.github.io/helm-charts | kubePrometheusStack(kube-prometheus-stack) | 72.3.1 | +| https://prometheus-community.github.io/helm-charts | kubePrometheusStack(kube-prometheus-stack) | 73.2.0 | ## Description @@ -22,6 +22,7 @@ A Helm chart for Kubernetes | Key | Type | Default | Description | |-----|------|---------|-------------| | kubePrometheusStack.additionalPrometheusRulesMap | object | `{}` | | +| kubePrometheusStack.alertmanager.alertmanagerSpec.additionalArgs | list | `[]` | | | kubePrometheusStack.alertmanager.alertmanagerSpec.additionalConfig | object | `{}` | | | kubePrometheusStack.alertmanager.alertmanagerSpec.additionalConfigString | string | `""` | | | kubePrometheusStack.alertmanager.alertmanagerSpec.additionalPeers | list | `[]` | | @@ -109,6 +110,7 @@ A Helm chart for Kubernetes | kubePrometheusStack.alertmanager.ingress.annotations | object | `{}` | | | kubePrometheusStack.alertmanager.ingress.enabled | bool | `false` | | | kubePrometheusStack.alertmanager.ingress.hosts | list | `[]` | | +| kubePrometheusStack.alertmanager.ingress.ingressClassName | string | `""` | | | kubePrometheusStack.alertmanager.ingress.labels | object | `{}` | | | kubePrometheusStack.alertmanager.ingress.paths | list | `[]` | | | kubePrometheusStack.alertmanager.ingress.tls | list | `[]` | | @@ -116,6 +118,7 @@ A Helm chart for Kubernetes | kubePrometheusStack.alertmanager.ingressPerReplica.enabled | bool | `false` | | | kubePrometheusStack.alertmanager.ingressPerReplica.hostDomain | string | `""` | | | kubePrometheusStack.alertmanager.ingressPerReplica.hostPrefix | string | `""` | | +| kubePrometheusStack.alertmanager.ingressPerReplica.ingressClassName | string | `""` | | | kubePrometheusStack.alertmanager.ingressPerReplica.labels | object | `{}` | | | kubePrometheusStack.alertmanager.ingressPerReplica.paths | list | `[]` | | | kubePrometheusStack.alertmanager.ingressPerReplica.tlsSecretName | string | `""` | | @@ -136,7 +139,6 @@ A Helm chart for Kubernetes | kubePrometheusStack.alertmanager.networkPolicy.monitoringRules.prometheus | bool | `true` | Enable ingress from Prometheus # | | kubePrometheusStack.alertmanager.networkPolicy.policyTypes | list | `["Ingress"]` | Define policy types. If egress is enabled, both Ingress and Egress will be used Valid values are ["Ingress"] or ["Ingress", "Egress"] # | | kubePrometheusStack.alertmanager.podDisruptionBudget.enabled | bool | `false` | | -| kubePrometheusStack.alertmanager.podDisruptionBudget.maxUnavailable | string | `""` | | | kubePrometheusStack.alertmanager.podDisruptionBudget.minAvailable | int | `1` | | | kubePrometheusStack.alertmanager.podDisruptionBudget.unhealthyPodEvictionPolicy | string | `"AlwaysAllow"` | | | kubePrometheusStack.alertmanager.route | object | `{"main":{"additionalRules":[],"annotations":{},"apiVersion":"gateway.networking.k8s.io/v1","enabled":false,"filters":[],"hostnames":[],"httpsRedirect":false,"kind":"HTTPRoute","labels":{},"matches":[{"path":{"type":"PathPrefix","value":"/"}}],"parentRefs":[]}}` | BETA: Configure the gateway routes for the chart here. More routes can be added by adding a dictionary key like the 'main' route. Be aware that this is an early beta of this feature, kube-prometheus-stack does not guarantee this works and is subject to change. Being BETA this can/will change in the future without notice, do not use unless you want to take that risk [[ref]](https://gateway-api.sigs.k8s.io/reference/spec/#gateway.networking.k8s.io%2fv1alpha2) | @@ -327,6 +329,7 @@ A Helm chart for Kubernetes | kubePrometheusStack.defaultRules.additionalRuleGroupLabels.prometheusOperator | object | `{}` | | | kubePrometheusStack.defaultRules.additionalRuleLabels | object | `{}` | | | kubePrometheusStack.defaultRules.annotations | object | `{}` | | +| kubePrometheusStack.defaultRules.appNamespacesOperator | string | `"=~"` | | | kubePrometheusStack.defaultRules.appNamespacesTarget | string | `".*"` | | | kubePrometheusStack.defaultRules.create | bool | `true` | | | kubePrometheusStack.defaultRules.disabled | object | `{}` | | @@ -374,8 +377,6 @@ A Helm chart for Kubernetes | kubePrometheusStack.global.imageRegistry | string | `""` | | | kubePrometheusStack.global.rbac.create | bool | `true` | | | kubePrometheusStack.global.rbac.createAggregateClusterRoles | bool | `false` | | -| kubePrometheusStack.global.rbac.pspAnnotations | object | `{}` | | -| kubePrometheusStack.global.rbac.pspEnabled | bool | `false` | | | kubePrometheusStack.grafana.additionalDataSources | list | `[]` | | | kubePrometheusStack.grafana.adminPassword | string | `"prom-operator"` | | | kubePrometheusStack.grafana.adminUser | string | `"admin"` | | @@ -732,6 +733,7 @@ A Helm chart for Kubernetes | kubePrometheusStack.prometheus.ingress.annotations | object | `{}` | | | kubePrometheusStack.prometheus.ingress.enabled | bool | `false` | | | kubePrometheusStack.prometheus.ingress.hosts | list | `[]` | | +| kubePrometheusStack.prometheus.ingress.ingressClassName | string | `""` | | | kubePrometheusStack.prometheus.ingress.labels | object | `{}` | | | kubePrometheusStack.prometheus.ingress.paths | list | `[]` | | | kubePrometheusStack.prometheus.ingress.tls | list | `[]` | | @@ -739,6 +741,7 @@ A Helm chart for Kubernetes | kubePrometheusStack.prometheus.ingressPerReplica.enabled | bool | `false` | | | kubePrometheusStack.prometheus.ingressPerReplica.hostDomain | string | `""` | | | kubePrometheusStack.prometheus.ingressPerReplica.hostPrefix | string | `""` | | +| kubePrometheusStack.prometheus.ingressPerReplica.ingressClassName | string | `""` | | | kubePrometheusStack.prometheus.ingressPerReplica.labels | object | `{}` | | | kubePrometheusStack.prometheus.ingressPerReplica.paths | list | `[]` | | | kubePrometheusStack.prometheus.ingressPerReplica.tlsSecretName | string | `""` | | @@ -747,12 +750,8 @@ A Helm chart for Kubernetes | kubePrometheusStack.prometheus.networkPolicy.enabled | bool | `false` | | | kubePrometheusStack.prometheus.networkPolicy.flavor | string | `"kubernetes"` | | | kubePrometheusStack.prometheus.podDisruptionBudget.enabled | bool | `false` | | -| kubePrometheusStack.prometheus.podDisruptionBudget.maxUnavailable | string | `""` | | | kubePrometheusStack.prometheus.podDisruptionBudget.minAvailable | int | `1` | | | kubePrometheusStack.prometheus.podDisruptionBudget.unhealthyPodEvictionPolicy | string | `"AlwaysAllow"` | | -| kubePrometheusStack.prometheus.podSecurityPolicy.allowedCapabilities | list | `[]` | | -| kubePrometheusStack.prometheus.podSecurityPolicy.allowedHostPaths | list | `[]` | | -| kubePrometheusStack.prometheus.podSecurityPolicy.volumes | list | `[]` | | | kubePrometheusStack.prometheus.prometheusSpec.additionalAlertManagerConfigs | list | `[]` | | | kubePrometheusStack.prometheus.prometheusSpec.additionalAlertManagerConfigsSecret | object | `{}` | | | kubePrometheusStack.prometheus.prometheusSpec.additionalAlertRelabelConfigs | list | `[]` | | @@ -795,7 +794,7 @@ A Helm chart for Kubernetes | kubePrometheusStack.prometheus.prometheusSpec.image.registry | string | `"quay.io"` | | | kubePrometheusStack.prometheus.prometheusSpec.image.repository | string | `"prometheus/prometheus"` | | | kubePrometheusStack.prometheus.prometheusSpec.image.sha | string | `""` | | -| kubePrometheusStack.prometheus.prometheusSpec.image.tag | string | `"v3.3.1"` | | +| kubePrometheusStack.prometheus.prometheusSpec.image.tag | string | `"v3.4.1"` | | | kubePrometheusStack.prometheus.prometheusSpec.initContainers | list | `[]` | | | kubePrometheusStack.prometheus.prometheusSpec.listenLocal | bool | `false` | | | kubePrometheusStack.prometheus.prometheusSpec.logFormat | string | `"logfmt"` | | @@ -814,6 +813,7 @@ A Helm chart for Kubernetes | kubePrometheusStack.prometheus.prometheusSpec.podMonitorNamespaceSelector | object | `{}` | | | kubePrometheusStack.prometheus.prometheusSpec.podMonitorSelector | object | `{}` | | | kubePrometheusStack.prometheus.prometheusSpec.podMonitorSelectorNilUsesHelmValues | bool | `true` | | +| kubePrometheusStack.prometheus.prometheusSpec.podTargetLabels | list | `[]` | | | kubePrometheusStack.prometheus.prometheusSpec.portName | string | `"http-web"` | | | kubePrometheusStack.prometheus.prometheusSpec.priorityClassName | string | `""` | | | kubePrometheusStack.prometheus.prometheusSpec.probeNamespaceSelector | object | `{}` | | @@ -927,6 +927,7 @@ A Helm chart for Kubernetes | kubePrometheusStack.prometheus.thanosIngress.annotations | object | `{}` | | | kubePrometheusStack.prometheus.thanosIngress.enabled | bool | `false` | | | kubePrometheusStack.prometheus.thanosIngress.hosts | list | `[]` | | +| kubePrometheusStack.prometheus.thanosIngress.ingressClassName | string | `""` | | | kubePrometheusStack.prometheus.thanosIngress.labels | object | `{}` | | | kubePrometheusStack.prometheus.thanosIngress.nodePort | int | `30901` | | | kubePrometheusStack.prometheus.thanosIngress.paths | list | `[]` | | @@ -1008,7 +1009,6 @@ A Helm chart for Kubernetes | kubePrometheusStack.prometheusOperator.admissionWebhooks.deployment.nodeSelector | object | `{}` | | | kubePrometheusStack.prometheusOperator.admissionWebhooks.deployment.podAnnotations | object | `{}` | | | kubePrometheusStack.prometheusOperator.admissionWebhooks.deployment.podDisruptionBudget.enabled | bool | `false` | | -| kubePrometheusStack.prometheusOperator.admissionWebhooks.deployment.podDisruptionBudget.maxUnavailable | string | `""` | | | kubePrometheusStack.prometheusOperator.admissionWebhooks.deployment.podDisruptionBudget.minAvailable | int | `1` | | | kubePrometheusStack.prometheusOperator.admissionWebhooks.deployment.podDisruptionBudget.unhealthyPodEvictionPolicy | string | `"AlwaysAllow"` | | | kubePrometheusStack.prometheusOperator.admissionWebhooks.deployment.podLabels | object | `{}` | | @@ -1052,6 +1052,7 @@ A Helm chart for Kubernetes | kubePrometheusStack.prometheusOperator.admissionWebhooks.deployment.tolerations | list | `[]` | | | kubePrometheusStack.prometheusOperator.admissionWebhooks.enabled | bool | `true` | | | kubePrometheusStack.prometheusOperator.admissionWebhooks.failurePolicy | string | `""` | | +| kubePrometheusStack.prometheusOperator.admissionWebhooks.matchConditions | object | `{}` | | | kubePrometheusStack.prometheusOperator.admissionWebhooks.mutatingWebhookConfiguration.annotations | object | `{}` | | | kubePrometheusStack.prometheusOperator.admissionWebhooks.namespaceSelector | object | `{}` | | | kubePrometheusStack.prometheusOperator.admissionWebhooks.objectSelector | object | `{}` | | @@ -1124,7 +1125,6 @@ A Helm chart for Kubernetes | kubePrometheusStack.prometheusOperator.nodeSelector | object | `{}` | | | kubePrometheusStack.prometheusOperator.podAnnotations | object | `{}` | | | kubePrometheusStack.prometheusOperator.podDisruptionBudget.enabled | bool | `false` | | -| kubePrometheusStack.prometheusOperator.podDisruptionBudget.maxUnavailable | string | `""` | | | kubePrometheusStack.prometheusOperator.podDisruptionBudget.minAvailable | int | `1` | | | kubePrometheusStack.prometheusOperator.podDisruptionBudget.unhealthyPodEvictionPolicy | string | `"AlwaysAllow"` | | | kubePrometheusStack.prometheusOperator.podLabels | object | `{}` | | @@ -1204,11 +1204,11 @@ A Helm chart for Kubernetes | kubePrometheusStack.thanosRuler.ingress.annotations | object | `{}` | | | kubePrometheusStack.thanosRuler.ingress.enabled | bool | `false` | | | kubePrometheusStack.thanosRuler.ingress.hosts | list | `[]` | | +| kubePrometheusStack.thanosRuler.ingress.ingressClassName | string | `""` | | | kubePrometheusStack.thanosRuler.ingress.labels | object | `{}` | | | kubePrometheusStack.thanosRuler.ingress.paths | list | `[]` | | | kubePrometheusStack.thanosRuler.ingress.tls | list | `[]` | | | kubePrometheusStack.thanosRuler.podDisruptionBudget.enabled | bool | `false` | | -| kubePrometheusStack.thanosRuler.podDisruptionBudget.maxUnavailable | string | `""` | | | kubePrometheusStack.thanosRuler.podDisruptionBudget.minAvailable | int | `1` | | | kubePrometheusStack.thanosRuler.podDisruptionBudget.unhealthyPodEvictionPolicy | string | `"AlwaysAllow"` | | | kubePrometheusStack.thanosRuler.route | object | `{"main":{"additionalRules":[],"annotations":{},"apiVersion":"gateway.networking.k8s.io/v1","enabled":false,"filters":[],"hostnames":[],"httpsRedirect":false,"kind":"HTTPRoute","labels":{},"matches":[{"path":{"type":"PathPrefix","value":"/"}}],"parentRefs":[]}}` | BETA: Configure the gateway routes for the chart here. More routes can be added by adding a dictionary key like the 'main' route. Be aware that this is an early beta of this feature, kube-prometheus-stack does not guarantee this works and is subject to change. Being BETA this can/will change in the future without notice, do not use unless you want to take that risk [[ref]](https://gateway-api.sigs.k8s.io/reference/spec/#gateway.networking.k8s.io%2fv1alpha2) | @@ -1329,7 +1329,7 @@ spec: source: repoURL: "https://edixos.github.io/ekp-helm" - targetRevision: "0.1.2" + targetRevision: "0.1.3" chart: kube-prometheus-stack path: '' helm: diff --git a/charts/kube-prometheus-stack/charts/kube-prometheus-stack-72.3.1.tgz b/charts/kube-prometheus-stack/charts/kube-prometheus-stack-72.3.1.tgz deleted file mode 100644 index ea520468..00000000 Binary files a/charts/kube-prometheus-stack/charts/kube-prometheus-stack-72.3.1.tgz and /dev/null differ diff --git a/charts/kube-prometheus-stack/charts/kube-prometheus-stack-73.2.0.tgz b/charts/kube-prometheus-stack/charts/kube-prometheus-stack-73.2.0.tgz new file mode 100644 index 00000000..16b1bbb1 Binary files /dev/null and b/charts/kube-prometheus-stack/charts/kube-prometheus-stack-73.2.0.tgz differ diff --git a/charts/kube-prometheus-stack/values.yaml b/charts/kube-prometheus-stack/values.yaml index ac16c284..13e4573f 100644 --- a/charts/kube-prometheus-stack/values.yaml +++ b/charts/kube-prometheus-stack/values.yaml @@ -205,6 +205,11 @@ kubePrometheusStack: prometheusOperator: true windows: true + # Defines the operator for namespace selection in rules + # Use "=~" to include namespaces matching the pattern (default) + # Use "!~" to exclude namespaces matching the pattern + appNamespacesOperator: "=~" + ## Reduce app namespace alert scope appNamespacesTarget: ".*" @@ -334,16 +339,6 @@ kubePrometheusStack: ## Create ClusterRoles that extend the existing view, edit and admin ClusterRoles to interact with prometheus-operator CRDs ## Ref: https://kubernetes.io/docs/reference/access-authn-authz/rbac/#aggregated-clusterroles createAggregateClusterRoles: false - pspEnabled: false - pspAnnotations: {} - ## Specify pod annotations - ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#apparmor - ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#seccomp - ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#sysctl - ## - # seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*' - # seccomp.security.alpha.kubernetes.io/defaultProfileName: 'docker/default' - # apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default' ## Global image registry to use if it needs to be overridden for some specific use cases (e.g local registries, custom images, ...) ## @@ -501,7 +496,7 @@ kubePrometheusStack: podDisruptionBudget: enabled: false minAvailable: 1 - maxUnavailable: "" + # maxUnavailable: "" unhealthyPodEvictionPolicy: AlwaysAllow ## Alertmanager configuration directives @@ -597,9 +592,7 @@ kubePrometheusStack: ingress: enabled: false - # For Kubernetes >= 1.18 you should specify the ingress-controller via the field ingressClassName - # See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress - # ingressClassName: nginx + ingressClassName: "" annotations: {} @@ -685,9 +678,7 @@ kubePrometheusStack: ingressPerReplica: enabled: false - # For Kubernetes >= 1.18 you should specify the ingress-controller via the field ingressClassName - # See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress - # ingressClassName: nginx + ingressClassName: "" annotations: {} labels: {} @@ -1001,6 +992,9 @@ kubePrometheusStack: # alertmanagerConfigMatcherStrategy: # type: OnNamespace + ## Additional command line arguments to pass to Alertmanager (in addition to those generated by the chart) + additionalArgs: [] + ## Define Log Format # Use logfmt (default) or json logging logFormat: logfmt @@ -1174,15 +1168,15 @@ kubePrometheusStack: clusterAdvertiseAddress: false ## clusterGossipInterval determines interval between gossip attempts. - ## Needs to be specified as GoDuration, a time duration that can be parsed by Go’s time.ParseDuration() (e.g. 45ms, 30s, 1m, 1h20m15s) + ## Needs to be specified as GoDuration, a time duration that can be parsed by Go's time.ParseDuration() (e.g. 45ms, 30s, 1m, 1h20m15s) clusterGossipInterval: "" ## clusterPeerTimeout determines timeout for cluster peering. - ## Needs to be specified as GoDuration, a time duration that can be parsed by Go’s time.ParseDuration() (e.g. 45ms, 30s, 1m, 1h20m15s) + ## Needs to be specified as GoDuration, a time duration that can be parsed by Go's time.ParseDuration() (e.g. 45ms, 30s, 1m, 1h20m15s) clusterPeerTimeout: "" ## clusterPushpullInterval determines interval between pushpull attempts. - ## Needs to be specified as GoDuration, a time duration that can be parsed by Go’s time.ParseDuration() (e.g. 45ms, 30s, 1m, 1h20m15s) + ## Needs to be specified as GoDuration, a time duration that can be parsed by Go's time.ParseDuration() (e.g. 45ms, 30s, 1m, 1h20m15s) clusterPushpullInterval: "" ## clusterLabel defines the identifier that uniquely identifies the Alertmanager cluster. @@ -2670,6 +2664,7 @@ kubePrometheusStack: namespaceSelector: {} objectSelector: {} + matchConditions: {} mutatingWebhookConfiguration: annotations: {} @@ -2694,7 +2689,7 @@ kubePrometheusStack: podDisruptionBudget: enabled: false minAvailable: 1 - maxUnavailable: "" + # maxUnavailable: "" unhealthyPodEvictionPolicy: AlwaysAllow ## Number of old replicasets to retain ## @@ -3096,7 +3091,7 @@ kubePrometheusStack: podDisruptionBudget: enabled: false minAvailable: 1 - maxUnavailable: "" + # maxUnavailable: "" unhealthyPodEvictionPolicy: AlwaysAllow ## Assign a PriorityClassName to pods if set @@ -3640,16 +3635,14 @@ kubePrometheusStack: podDisruptionBudget: enabled: false minAvailable: 1 - maxUnavailable: "" + # maxUnavailable: "" unhealthyPodEvictionPolicy: AlwaysAllow # Ingress exposes thanos sidecar outside the cluster thanosIngress: enabled: false - # For Kubernetes >= 1.18 you should specify the ingress-controller via the field ingressClassName - # See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress - # ingressClassName: nginx + ingressClassName: "" annotations: {} labels: {} @@ -3697,9 +3690,7 @@ kubePrometheusStack: ingress: enabled: false - # For Kubernetes >= 1.18 you should specify the ingress-controller via the field ingressClassName - # See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress - # ingressClassName: nginx + ingressClassName: "" annotations: {} labels: {} @@ -3778,9 +3769,7 @@ kubePrometheusStack: ingressPerReplica: enabled: false - # For Kubernetes >= 1.18 you should specify the ingress-controller via the field ingressClassName - # See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress - # ingressClassName: nginx + ingressClassName: "" annotations: {} labels: {} @@ -3816,13 +3805,6 @@ kubePrometheusStack: ## prefix: "prometheus" - ## Configure additional options for default pod security policy for Prometheus - ## ref: https://kubernetes.io/docs/concepts/security/pod-security-policy/ - podSecurityPolicy: - allowedCapabilities: [] - allowedHostPaths: [] - volumes: [] - serviceMonitor: ## If true, create a serviceMonitor for prometheus ## @@ -3907,9 +3889,9 @@ kubePrometheusStack: disableCompaction: false ## AutomountServiceAccountToken indicates whether a service account token should be automatically mounted in the pod, - ## If the field isn’t set, the operator mounts the service account token by default. + ## If the field isn't set, the operator mounts the service account token by default. ## Warning: be aware that by default, Prometheus requires the service account token for Kubernetes service discovery, - ## It is possible to use strategic merge patch to project the service account token into the ‘prometheus’ container. + ## It is possible to use strategic merge patch to project the service account token into the 'prometheus' container. automountServiceAccountToken: true ## APIServerConfig @@ -3948,6 +3930,11 @@ kubePrometheusStack: # caFile: /etc/prometheus/secrets/istio.default/root-cert.pem # certFile: /etc/prometheus/secrets/istio.default/cert-chain.pem + ## PodTargetLabels are appended to the `spec.podTargetLabels` field of all PodMonitor and ServiceMonitor objects. + ## + podTargetLabels: [] + # - customlabel + ## Interval between consecutive evaluations. ## evaluationInterval: "" @@ -3991,7 +3978,7 @@ kubePrometheusStack: image: registry: quay.io repository: prometheus/prometheus - tag: v3.3.1 + tag: v3.4.1 sha: "" ## Tolerations for use with node taints @@ -4615,7 +4602,7 @@ kubePrometheusStack: hostNetwork: false # HostAlias holds the mapping between IP and hostnames that will be injected - # as an entry in the pod’s hosts file. + # as an entry in the pod's hosts file. hostAliases: [] # - ip: 10.10.0.100 # hostnames: @@ -4627,7 +4614,7 @@ kubePrometheusStack: tracingConfig: {} ## Defines the service discovery role used to discover targets from ServiceMonitor objects and Alertmanager endpoints. - ## If set, the value should be either “Endpoints” or “EndpointSlice”. If unset, the operator assumes the “Endpoints” role. + ## If set, the value should be either "Endpoints" or "EndpointSlice". If unset, the operator assumes the "Endpoints" role. serviceDiscoveryRole: "" ## Additional configuration which is not covered by the properties above. (passed through tpl) @@ -4863,15 +4850,13 @@ kubePrometheusStack: podDisruptionBudget: enabled: false minAvailable: 1 - maxUnavailable: "" + # maxUnavailable: "" unhealthyPodEvictionPolicy: AlwaysAllow ingress: enabled: false - # For Kubernetes >= 1.18 you should specify the ingress-controller via the field ingressClassName - # See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress - # ingressClassName: nginx + ingressClassName: "" annotations: {} diff --git a/charts/kyverno-policies/Chart.lock b/charts/kyverno-policies/Chart.lock index 4ce80734..87006cd7 100644 --- a/charts/kyverno-policies/Chart.lock +++ b/charts/kyverno-policies/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: kyverno-policies repository: https://kyverno.github.io/kyverno/ - version: 3.4.1 -digest: sha256:b89431a68f4f8f139e462342b965ceac69e2e75b17a53008e94b61ecfd3f79c1 -generated: "2025-05-07T10:22:57.488368538Z" + version: 3.4.2 +digest: sha256:4a493e9a52e08b4670fcf9356b8eb58b93c63649af61b6b02478172a73e6937c +generated: "2025-06-11T10:23:45.016574457Z" diff --git a/charts/kyverno-policies/Chart.yaml b/charts/kyverno-policies/Chart.yaml index 8628e595..4282b87b 100644 --- a/charts/kyverno-policies/Chart.yaml +++ b/charts/kyverno-policies/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.1 +version: 0.1.2 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to @@ -24,7 +24,7 @@ version: 0.1.1 appVersion: "1.13.4" dependencies: - name: kyverno-policies - version: 3.4.1 + version: 3.4.2 repository: "https://kyverno.github.io/kyverno/" alias: kyvernopolicies maintainers: diff --git a/charts/kyverno-policies/README.md b/charts/kyverno-policies/README.md index 24023ee5..b952b9b3 100644 --- a/charts/kyverno-policies/README.md +++ b/charts/kyverno-policies/README.md @@ -1,6 +1,6 @@ # kyverno-policies -![Version: 0.1.1](https://img.shields.io/badge/Version-0.1.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.13.4](https://img.shields.io/badge/AppVersion-1.13.4-informational?style=flat-square) +![Version: 0.1.2](https://img.shields.io/badge/Version-0.1.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.13.4](https://img.shields.io/badge/AppVersion-1.13.4-informational?style=flat-square) ## Prerequisites @@ -11,7 +11,7 @@ | Repository | Name | Version | |------------|------|---------| -| https://kyverno.github.io/kyverno/ | kyvernopolicies(kyverno-policies) | 3.4.1 | +| https://kyverno.github.io/kyverno/ | kyvernopolicies(kyverno-policies) | 3.4.2 | ## Maintainers @@ -30,6 +30,7 @@ A Helm chart for Kubernetes |-----|------|---------|-------------| | kyvernopolicies.autogenControllers | string | `""` | Customize the target Pod controllers for the auto-generated rules. (Eg. `none`, `Deployment`, `DaemonSet,Deployment,StatefulSet`) For more info https://kyverno.io/docs/writing-policies/autogen/. | | kyvernopolicies.background | bool | `true` | Policies background mode | +| kyvernopolicies.customAnnotations | object | `{}` | Additional Annotations. | | kyvernopolicies.customLabels | object | `{}` | Additional labels. | | kyvernopolicies.customPolicies | list | `[]` | Additional custom policies to include. | | kyvernopolicies.failurePolicy | string | `"Fail"` | API server behavior if the webhook fails to respond ('Ignore', 'Fail') For more info: https://kyverno.io/docs/writing-policies/policy-settings/ | @@ -45,7 +46,7 @@ A Helm chart for Kubernetes | kyvernopolicies.policyKind | string | `"ClusterPolicy"` | Policy kind (`ClusterPolicy`, `Policy`) Set to `Policy` if you need namespaced policies and not cluster policies | | kyvernopolicies.policyPreconditions | object | `{}` | Add preconditions to individual policies. Policies with multiple rules can have individual rules excluded by using the name of the rule as the key in the `policyPreconditions` map. | | kyvernopolicies.skipBackgroundRequests | bool | `nil` | SkipBackgroundRequests bypasses admission requests that are sent by the background controller | -| kyvernopolicies.validationAllowExistingViolations | bool | `true` | Validate already existing resources. For more info https://kyverno.io/docs/writing-policies/validate. | +| kyvernopolicies.validationAllowExistingViolations | bool | `true` | Validate already existing resources. For more info https://kyverno.io/docs/policy-types/. | | kyvernopolicies.validationFailureAction | string | `"Audit"` | Validation failure action (`Audit`, `Enforce`). For more info https://kyverno.io/docs/writing-policies/validate. | | kyvernopolicies.validationFailureActionByPolicy | object | `{}` | Define validationFailureActionByPolicy for specific policies. Override the defined `validationFailureAction` with a individual validationFailureAction for individual Policies. | | kyvernopolicies.validationFailureActionOverrides | object | `{"all":[]}` | Define validationFailureActionOverrides for specific policies. The overrides for `all` will apply to all policies. | @@ -75,7 +76,7 @@ spec: source: repoURL: "https://edixos.github.io/ekp-helm" - targetRevision: "0.1.1" + targetRevision: "0.1.2" chart: kyverno-policies path: '' helm: diff --git a/charts/kyverno-policies/charts/kyverno-policies-3.4.1.tgz b/charts/kyverno-policies/charts/kyverno-policies-3.4.1.tgz deleted file mode 100644 index f9a948ad..00000000 Binary files a/charts/kyverno-policies/charts/kyverno-policies-3.4.1.tgz and /dev/null differ diff --git a/charts/kyverno-policies/charts/kyverno-policies-3.4.2.tgz b/charts/kyverno-policies/charts/kyverno-policies-3.4.2.tgz new file mode 100644 index 00000000..9a13d12a Binary files /dev/null and b/charts/kyverno-policies/charts/kyverno-policies-3.4.2.tgz differ diff --git a/charts/kyverno-policies/values.yaml b/charts/kyverno-policies/values.yaml index 507647bd..fc7dcc48 100644 --- a/charts/kyverno-policies/values.yaml +++ b/charts/kyverno-policies/values.yaml @@ -58,7 +58,7 @@ kyvernopolicies: # - fluent # -- Validate already existing resources. - # For more info https://kyverno.io/docs/writing-policies/validate. + # For more info https://kyverno.io/docs/policy-types/. validationAllowExistingViolations: true # -- Exclude resources from individual policies. @@ -108,6 +108,9 @@ kyvernopolicies: # -- Name override. nameOverride: + # -- Additional Annotations. + customAnnotations: {} + # -- Additional labels. customLabels: {} diff --git a/charts/kyverno/Chart.lock b/charts/kyverno/Chart.lock index 405959e7..315e79f7 100644 --- a/charts/kyverno/Chart.lock +++ b/charts/kyverno/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: kyverno repository: https://kyverno.github.io/kyverno/ - version: 3.4.1 -digest: sha256:91a0bea17ffa77211290f7a569dc9e5f9383814f736c25caea2a07a2b500c2ff -generated: "2025-05-07T10:25:24.475931183Z" + version: 3.4.2 +digest: sha256:976c1c86c797d6487f57b3a01ee456381f9ff57f13491561b94c38f089016e18 +generated: "2025-06-11T10:24:04.895861577Z" diff --git a/charts/kyverno/Chart.yaml b/charts/kyverno/Chart.yaml index dbee9a78..38f1fc01 100644 --- a/charts/kyverno/Chart.yaml +++ b/charts/kyverno/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.2 +version: 0.1.3 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to @@ -24,7 +24,7 @@ version: 0.1.2 appVersion: "1.13.4" dependencies: - name: kyverno - version: 3.4.1 + version: 3.4.2 repository: "https://kyverno.github.io/kyverno/" maintainers: - name: wiemaouadi diff --git a/charts/kyverno/README.md b/charts/kyverno/README.md index 9c95965b..57ef12f6 100644 --- a/charts/kyverno/README.md +++ b/charts/kyverno/README.md @@ -1,6 +1,6 @@ # kyverno -![Version: 0.1.2](https://img.shields.io/badge/Version-0.1.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.13.4](https://img.shields.io/badge/AppVersion-1.13.4-informational?style=flat-square) +![Version: 0.1.3](https://img.shields.io/badge/Version-0.1.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.13.4](https://img.shields.io/badge/AppVersion-1.13.4-informational?style=flat-square) ## Prerequisites @@ -11,7 +11,7 @@ | Repository | Name | Version | |------------|------|---------| -| https://kyverno.github.io/kyverno/ | kyverno | 3.4.1 | +| https://kyverno.github.io/kyverno/ | kyverno | 3.4.2 | ## Maintainers @@ -48,6 +48,7 @@ A Helm chart for kyverno | kyverno.admissionController.container.resources.limits | object | `{"memory":"384Mi"}` | Pod resource limits | | kyverno.admissionController.container.resources.requests | object | `{"cpu":"100m","memory":"128Mi"}` | Pod resource requests | | kyverno.admissionController.container.securityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"privileged":false,"readOnlyRootFilesystem":true,"runAsNonRoot":true,"seccompProfile":{"type":"RuntimeDefault"}}` | Container security context | +| kyverno.admissionController.crdWatcher | bool | `false` | Enable/Disable custom resource watcher to invalidate cache | | kyverno.admissionController.createSelfSignedCert | bool | `false` | Create self-signed certificates at deployment time. The certificates won't be automatically renewed if this is set to `true`. | | kyverno.admissionController.dnsConfig | object | `{}` | `dnsConfig` allows to specify DNS configuration for the pod. For further reference: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config. | | kyverno.admissionController.dnsPolicy | string | `"ClusterFirst"` | `dnsPolicy` determines the manner in which DNS resolution happens in the cluster. In case of `hostNetwork: true`, usually, the `dnsPolicy` is suitable to be `ClusterFirstWithHostNet`. For further reference: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-dns-policy. | @@ -371,6 +372,7 @@ A Helm chart for kyverno | kyverno.fullnameOverride | string | `nil` | Override the expanded name of the chart | | kyverno.global.caCertificates.data | string | `nil` | Global CA certificates to use with Kyverno deployments This value is expected to be one large string of CA certificates Individual controller values will override this global value | | kyverno.global.caCertificates.volume | object | `{}` | Global value to set single volume to be mounted for CA certificates for all deployments. Not used when `.Values.global.caCertificates.data` is defined Individual controller values will override this global value | +| kyverno.global.crdWatcher | bool | `false` | Enable/Disable custom resource watcher to invalidate cache | | kyverno.global.extraEnvVars | list | `[]` | Additional container environment variables to apply to all containers and init containers | | kyverno.global.image.registry | string | `nil` | Global value that allows to set a single image registry across all deployments. When set, it will override any values set under `.image.registry` across the chart. | | kyverno.global.imagePullSecrets | list | `[]` | Global list of Image pull secrets When set, it will override any values set under `imagePullSecrets` under different components across the chart. | @@ -550,7 +552,7 @@ spec: source: repoURL: "https://edixos.github.io/ekp-helm" - targetRevision: "0.1.2" + targetRevision: "0.1.3" chart: kyverno path: '' helm: diff --git a/charts/kyverno/charts/kyverno-3.4.1.tgz b/charts/kyverno/charts/kyverno-3.4.1.tgz deleted file mode 100644 index 4cc88c26..00000000 Binary files a/charts/kyverno/charts/kyverno-3.4.1.tgz and /dev/null differ diff --git a/charts/kyverno/charts/kyverno-3.4.2.tgz b/charts/kyverno/charts/kyverno-3.4.2.tgz new file mode 100644 index 00000000..134bbcf3 Binary files /dev/null and b/charts/kyverno/charts/kyverno-3.4.2.tgz differ diff --git a/charts/kyverno/values.yaml b/charts/kyverno/values.yaml index 98935898..daffb2ef 100644 --- a/charts/kyverno/values.yaml +++ b/charts/kyverno/values.yaml @@ -37,6 +37,9 @@ kyverno: # -- Resync period for informers resyncPeriod: 15m + # -- Enable/Disable custom resource watcher to invalidate cache + crdWatcher: false + caCertificates: # -- Global CA certificates to use with Kyverno deployments # This value is expected to be one large string of CA certificates @@ -862,6 +865,9 @@ kyverno: # -- Resync period for informers resyncPeriod: 15m + # -- Enable/Disable custom resource watcher to invalidate cache + crdWatcher: false + # -- Additional labels to add to each pod podLabels: {} # example.com/label: foo diff --git a/charts/velero/Chart.lock b/charts/velero/Chart.lock index b32a7e61..6966db82 100644 --- a/charts/velero/Chart.lock +++ b/charts/velero/Chart.lock @@ -1,7 +1,7 @@ dependencies: - name: velero repository: https://vmware-tanzu.github.io/helm-charts - version: 9.1.2 + version: 10.0.4 - name: gcp-workload-identity repository: https://edixos.github.io/ekp-helm version: 0.1.1 @@ -14,5 +14,5 @@ dependencies: - name: gcp-bucket repository: https://edixos.github.io/ekp-helm version: 0.1.0 -digest: sha256:56dafcc28b5517504b03be7a9549166c131b26251d03d0d55a63954e2c5bf30a -generated: "2025-05-14T10:23:09.920610947Z" +digest: sha256:52f72e728eb86761ddbfbaf2ffddf2e096411d38e65bc20350a6a7606e7b1ac6 +generated: "2025-06-11T10:23:56.500298291Z" diff --git a/charts/velero/Chart.yaml b/charts/velero/Chart.yaml index 2bca7d40..10371bea 100644 --- a/charts/velero/Chart.yaml +++ b/charts/velero/Chart.yaml @@ -2,11 +2,11 @@ apiVersion: v2 name: velero description: A Helm chart for velero type: application -version: 0.1.4 +version: 0.1.5 appVersion: "1.15.2" dependencies: - name: velero - version: 9.1.2 + version: 10.0.4 repository: "https://vmware-tanzu.github.io/helm-charts" - name: gcp-workload-identity version: 0.1.1 diff --git a/charts/velero/README.md b/charts/velero/README.md index c13ca208..69f21f3c 100644 --- a/charts/velero/README.md +++ b/charts/velero/README.md @@ -1,6 +1,6 @@ # velero -![Version: 0.1.4](https://img.shields.io/badge/Version-0.1.4-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.15.2](https://img.shields.io/badge/AppVersion-1.15.2-informational?style=flat-square) +![Version: 0.1.5](https://img.shields.io/badge/Version-0.1.5-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.15.2](https://img.shields.io/badge/AppVersion-1.15.2-informational?style=flat-square) ## Prerequisites @@ -15,7 +15,7 @@ | https://edixos.github.io/ekp-helm | iamCustomRole(gcp-iam-custom-role) | 0.1.0 | | https://edixos.github.io/ekp-helm | iamPolicyMembers(gcp-iam-policy-members) | 0.1.2 | | https://edixos.github.io/ekp-helm | workloadIdentity(gcp-workload-identity) | 0.1.1 | -| https://vmware-tanzu.github.io/helm-charts | velero | 9.1.2 | +| https://vmware-tanzu.github.io/helm-charts | velero | 10.0.4 | ## Maintainers @@ -58,7 +58,7 @@ A Helm chart for velero | velero.configuration.backupStorageLocation[0].config | object | `{}` | | | velero.configuration.backupStorageLocation[0].credential.key | string | `nil` | | | velero.configuration.backupStorageLocation[0].credential.name | string | `nil` | | -| velero.configuration.backupStorageLocation[0].default | string | `nil` | | +| velero.configuration.backupStorageLocation[0].default | bool | `false` | | | velero.configuration.backupStorageLocation[0].name | string | `nil` | | | velero.configuration.backupStorageLocation[0].prefix | string | `nil` | | | velero.configuration.backupStorageLocation[0].provider | string | `nil` | | @@ -67,6 +67,7 @@ A Helm chart for velero | velero.configuration.clientBurst | string | `nil` | | | velero.configuration.clientPageSize | string | `nil` | | | velero.configuration.clientQPS | string | `nil` | | +| velero.configuration.dataMoverPrepareTimeout | string | `nil` | | | velero.configuration.defaultBackupStorageLocation | string | `nil` | | | velero.configuration.defaultBackupTTL | string | `nil` | | | velero.configuration.defaultItemOperationTimeout | string | `nil` | | @@ -77,7 +78,7 @@ A Helm chart for velero | velero.configuration.disableControllers | string | `nil` | | | velero.configuration.disableInformerCache | bool | `false` | | | velero.configuration.extraArgs | list | `[]` | | -| velero.configuration.extraEnvVars | object | `{}` | | +| velero.configuration.extraEnvVars | list | `[]` | | | velero.configuration.features | string | `nil` | | | velero.configuration.fsBackupTimeout | string | `nil` | | | velero.configuration.garbageCollectionFrequency | string | `nil` | | @@ -116,6 +117,7 @@ A Helm chart for velero | velero.extraVolumeMounts | list | `[]` | | | velero.extraVolumes | list | `[]` | | | velero.fullnameOverride | string | `""` | | +| velero.hostAliases | list | `[]` | | | velero.image.imagePullSecrets | list | `[]` | | | velero.image.pullPolicy | string | `"IfNotPresent"` | | | velero.image.repository | string | `"velero/velero"` | | @@ -153,7 +155,11 @@ A Helm chart for velero | velero.metrics.scrapeInterval | string | `"30s"` | | | velero.metrics.scrapeTimeout | string | `"10s"` | | | velero.metrics.service.annotations | object | `{}` | | +| velero.metrics.service.externalTrafficPolicy | string | `""` | | +| velero.metrics.service.internalTrafficPolicy | string | `""` | | | velero.metrics.service.labels | object | `{}` | | +| velero.metrics.service.nodePort | string | `nil` | | +| velero.metrics.service.type | string | `"ClusterIP"` | | | velero.metrics.serviceMonitor.additionalLabels | object | `{}` | | | velero.metrics.serviceMonitor.annotations | object | `{}` | | | velero.metrics.serviceMonitor.autodetect | bool | `true` | | @@ -166,9 +172,10 @@ A Helm chart for velero | velero.nodeAgent.dnsConfig | object | `{}` | | | velero.nodeAgent.dnsPolicy | string | `"ClusterFirst"` | | | velero.nodeAgent.extraArgs | list | `[]` | | -| velero.nodeAgent.extraEnvVars | object | `{}` | | +| velero.nodeAgent.extraEnvVars | list | `[]` | | | velero.nodeAgent.extraVolumeMounts | list | `[]` | | | velero.nodeAgent.extraVolumes | list | `[]` | | +| velero.nodeAgent.hostAliases | list | `[]` | | | velero.nodeAgent.labels | object | `{}` | | | velero.nodeAgent.lifecycle | object | `{}` | | | velero.nodeAgent.nodeSelector | object | `{}` | | @@ -213,7 +220,7 @@ A Helm chart for velero | velero.tolerations | list | `[]` | | | velero.upgradeCRDs | bool | `true` | | | velero.upgradeCRDsJob.automountServiceAccountToken | bool | `true` | | -| velero.upgradeCRDsJob.extraEnvVars | object | `{}` | | +| velero.upgradeCRDsJob.extraEnvVars | list | `[]` | | | velero.upgradeCRDsJob.extraVolumeMounts | list | `[]` | | | velero.upgradeCRDsJob.extraVolumes | list | `[]` | | | velero.upgradeJobResources | object | `{}` | | @@ -244,7 +251,7 @@ spec: source: repoURL: "https://edixos.github.io/ekp-helm" - targetRevision: "0.1.4" + targetRevision: "0.1.5" chart: velero path: '' helm: diff --git a/charts/velero/charts/velero-10.0.4.tgz b/charts/velero/charts/velero-10.0.4.tgz new file mode 100644 index 00000000..adb78a42 Binary files /dev/null and b/charts/velero/charts/velero-10.0.4.tgz differ diff --git a/charts/velero/charts/velero-9.1.2.tgz b/charts/velero/charts/velero-9.1.2.tgz deleted file mode 100644 index 14de8687..00000000 Binary files a/charts/velero/charts/velero-9.1.2.tgz and /dev/null differ diff --git a/charts/velero/values.yaml b/charts/velero/values.yaml index 33574af6..fa23f0c4 100644 --- a/charts/velero/values.yaml +++ b/charts/velero/values.yaml @@ -91,6 +91,14 @@ velero: # cpu: 1000m # memory: 512Mi + # Configure hostAliases for Velero deployment. Optional + # For more information, check: https://kubernetes.io/docs/tasks/network/customize-hosts-file-for-pods/ + hostAliases: [] + # - ip: "127.0.0.1" + # hostnames: + # - "foo.local" + # - "bar.local" + # Resource requests/limits to specify for the upgradeCRDs job pod. Need to be adjusted by user accordingly. upgradeJobResources: {} # requests: @@ -104,8 +112,18 @@ velero: extraVolumes: [] # Extra volumeMounts for the Upgrade CRDs Job. Optional. extraVolumeMounts: [] - # Extra key/value pairs to be used as environment variables. Optional. - extraEnvVars: {} + # Additional values to be used as environment variables. Optional. + extraEnvVars: [] + # Simple value + # - name: SIMPLE_VAR + # value: "simple-value" + + # FieldRef example + # - name: MY_POD_LABEL + # valueFrom: + # fieldRef: + # fieldPath: metadata.labels['my_label'] + # Configure if API credential for Service Account is automounted. automountServiceAccountToken: true # Configure the shell cmd in case you are using custom image @@ -230,7 +248,14 @@ velero: # service metdata if metrics are enabled service: annotations: {} + type: ClusterIP labels: {} + nodePort: null + + # External/Internal traffic policy setting (Cluster, Local) + # https://kubernetes.io/docs/reference/networking/virtual-ips/#traffic-policies + externalTrafficPolicy: "" + internalTrafficPolicy: "" # Pod annotations for Prometheus podAnnotations: @@ -347,7 +372,7 @@ velero: # prefix is the directory under which all Velero data should be stored within the bucket. Optional. prefix: # default indicates this location is the default backup storage location. Optional. - default: + default: false # validationFrequency defines how frequently Velero should validate the object storage. Optional. validationFrequency: # accessMode determines if velero can write to this backup storage location. Optional. @@ -463,6 +488,8 @@ velero: # Comma separated list of velero feature flags. default: empty # features: EnableCSI features: + # Configures the timeout for provisioning the volume created from the CSI snapshot. Default: 30m + dataMoverPrepareTimeout: # Resource requests/limits to specify for the repository-maintenance job. Optional. # https://velero.io/docs/v1.14/repository-maintenance/#resource-limitation repositoryMaintenanceJob: @@ -480,8 +507,17 @@ velero: # e.g.: extraArgs: ["--foo=bar"] extraArgs: [] - # additional key/value pairs to be used as environment variables such as "AWS_CLUSTER_NAME: 'yourcluster.domain.tld'" - extraEnvVars: {} + # Additional values to be used as environment variables. Optional. + extraEnvVars: [] + # Simple value + # - name: SIMPLE_VAR + # value: "simple-value" + + # FieldRef example + # - name: MY_POD_LABEL + # valueFrom: + # fieldRef: + # fieldPath: metadata.labels['my_label'] # Set true for backup all pod volumes without having to apply annotation on the pod when used file system backup Default: false. defaultVolumesToFsBackup: @@ -600,8 +636,17 @@ velero: # Extra volumeMounts for the node-agent daemonset. Optional. extraVolumeMounts: [] - # Key/value pairs to be used as environment variables for the node-agent daemonset. Optional. - extraEnvVars: {} + # Additional values to be used as environment variables for node-agent daemonset. Optional. + extraEnvVars: [] + # Simple key/value + # - name: SIMPLE_VAR + # value: "simple-value" + + # FieldRef example + # - name: MY_POD_LABEL + # valueFrom: + # fieldRef: + # fieldPath: metadata.labels['my_label'] # Additional command-line arguments that will be passed to the node-agent. Optional. # e.g.: extraArgs: ["--foo=bar"] @@ -611,6 +656,14 @@ velero: # See: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-dns-policy dnsPolicy: ClusterFirst + # Configure hostAliases for node-agent daemonset. Optional + # For more information, check: https://kubernetes.io/docs/tasks/network/customize-hosts-file-for-pods/ + hostAliases: [] + # - ip: "127.0.0.1" + # hostnames: + # - "foo.local" + # - "bar.local" + # SecurityContext to use for the Velero deployment. Optional. # Set fsGroup for `AWS IAM Roles for Service Accounts` # see more informations at: https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html