diff --git a/charts/argocd/Chart.lock b/charts/argocd/Chart.lock index f8b65043..9ae97ec8 100644 --- a/charts/argocd/Chart.lock +++ b/charts/argocd/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: argo-cd repository: https://argoproj.github.io/argo-helm - version: 8.0.1 -digest: sha256:ba6c49d64851ea12a80e5c30e96ce38ebff712aa90678955595479f613e12089 -generated: "2025-05-14T10:23:53.65818767Z" + version: 8.1.1 +digest: sha256:c1fecb6c8c8fac4b7a57f34c74155a69cf21bc1b7ec048d0a8eb286c92e0393d +generated: "2025-06-25T10:25:58.37409303Z" diff --git a/charts/argocd/Chart.yaml b/charts/argocd/Chart.yaml index b29e4f01..7e41372a 100644 --- a/charts/argocd/Chart.yaml +++ b/charts/argocd/Chart.yaml @@ -2,11 +2,11 @@ apiVersion: v2 name: argocd description: A Helm chart for Kubernetes type: application -version: 0.1.3 +version: 0.1.4 appVersion: "2.14.4" dependencies: - name: argo-cd - version: 8.0.1 + version: 8.1.1 repository: "https://argoproj.github.io/argo-helm" alias: argocd maintainers: diff --git a/charts/argocd/README.md b/charts/argocd/README.md index c88faadb..bfe12966 100644 --- a/charts/argocd/README.md +++ b/charts/argocd/README.md @@ -1,6 +1,6 @@ # argocd -![Version: 0.1.3](https://img.shields.io/badge/Version-0.1.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.14.4](https://img.shields.io/badge/AppVersion-2.14.4-informational?style=flat-square) +![Version: 0.1.4](https://img.shields.io/badge/Version-0.1.4-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.14.4](https://img.shields.io/badge/AppVersion-2.14.4-informational?style=flat-square) ## Prerequisites @@ -11,7 +11,7 @@ | Repository | Name | Version | |------------|------|---------| -| https://argoproj.github.io/argo-helm | argocd(argo-cd) | 8.0.1 | +| https://argoproj.github.io/argo-helm | argocd(argo-cd) | 8.1.1 | ## Maintainers @@ -49,6 +49,7 @@ A Helm chart for Kubernetes | argocd.applicationSet.containerPorts.webhook | int | `7000` | Webhook container port | | argocd.applicationSet.containerSecurityContext | object | See [values.yaml] | ApplicationSet controller container-level security context | | argocd.applicationSet.deploymentAnnotations | object | `{}` | Annotations to be added to ApplicationSet controller Deployment | +| argocd.applicationSet.deploymentLabels | object | `{}` | Labels for the ApplicationSet controller Deployment | | argocd.applicationSet.deploymentStrategy | object | `{}` | Deployment strategy to be added to the ApplicationSet controller Deployment | | argocd.applicationSet.dnsConfig | object | `{}` | [DNS configuration] | | argocd.applicationSet.dnsPolicy | string | `"ClusterFirst"` | Alternative DNS policy for ApplicationSet controller pods | @@ -137,6 +138,7 @@ A Helm chart for Kubernetes | argocd.commitServer.automountServiceAccountToken | bool | `false` | Automount API credentials for the Service Account into the pod. | | argocd.commitServer.containerSecurityContext | object | See [values.yaml] | commit server container-level security context | | argocd.commitServer.deploymentAnnotations | object | `{}` | Annotations to be added to commit server Deployment | +| argocd.commitServer.deploymentLabels | object | `{}` | Labels for the commit server Deployment | | argocd.commitServer.deploymentStrategy | object | `{}` | Deployment strategy to be added to the commit server Deployment | | argocd.commitServer.dnsConfig | object | `{}` | [DNS configuration] | | argocd.commitServer.dnsPolicy | string | `"ClusterFirst"` | Alternative DNS policy for commit server pods | @@ -220,6 +222,7 @@ A Helm chart for Kubernetes | argocd.configs.params."controller.self.heal.timeout.seconds" | int | `5` | Specifies timeout between application self heal attempts | | argocd.configs.params."controller.status.processors" | int | `20` | Number of application status processors | | argocd.configs.params."controller.sync.timeout.seconds" | int | `0` | Specifies the timeout after which a sync would be terminated. 0 means no timeout | +| argocd.configs.params."hydrator.enabled" | bool | `false` | Enable the hydrator feature (hydrator is in Alpha phase) | | argocd.configs.params."otlp.address" | string | `""` | Open-Telemetry collector address: (e.g. "otel-collector:4317") | | argocd.configs.params."reposerver.parallelism.limit" | int | `0` | Limit on number of concurrent manifests generate requests. Any value less the 1 means no limit. | | argocd.configs.params."server.basehref" | string | `"/"` | Value for base href in index.html. Used if Argo CD is running behind reverse proxy under subpath different from / | @@ -268,6 +271,7 @@ A Helm chart for Kubernetes | argocd.controller.containerPorts.metrics | int | `8082` | Metrics container port | | argocd.controller.containerSecurityContext | object | See [values.yaml] | Application controller container-level security context | | argocd.controller.deploymentAnnotations | object | `{}` | Annotations for the application controller Deployment | +| argocd.controller.deploymentLabels | object | `{}` | Labels for the application controller Deployment | | argocd.controller.dnsConfig | object | `{}` | [DNS configuration] | | argocd.controller.dnsPolicy | string | `"ClusterFirst"` | Alternative DNS policy for application controller pods | | argocd.controller.dynamicClusterDistribution | bool | `false` | Enable dynamic cluster distribution (alpha) Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/dynamic-cluster-distribution # This is done using a deployment instead of a statefulSet # When replicas are added or removed, the sharding algorithm is re-run to ensure that the # clusters are distributed according to the algorithm. If the algorithm is well-balanced, # like round-robin, then the shards will be well-balanced. | @@ -359,6 +363,7 @@ A Helm chart for Kubernetes | argocd.dex.containerPorts.metrics | int | `5558` | Metrics container port | | argocd.dex.containerSecurityContext | object | See [values.yaml] | Dex container-level security context | | argocd.dex.deploymentAnnotations | object | `{}` | Annotations to be added to the Dex server Deployment | +| argocd.dex.deploymentLabels | object | `{}` | Labels for the Dex server Deployment | | argocd.dex.deploymentStrategy | object | `{}` | Deployment strategy to be added to the Dex server Deployment | | argocd.dex.dnsConfig | object | `{}` | [DNS configuration] | | argocd.dex.dnsPolicy | string | `"ClusterFirst"` | Alternative DNS policy for Dex server pods | @@ -370,7 +375,7 @@ A Helm chart for Kubernetes | argocd.dex.extraContainers | list | `[]` | Additional containers to be added to the dex pod # Note: Supports use of custom Helm templates | | argocd.dex.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Dex imagePullPolicy | | argocd.dex.image.repository | string | `"ghcr.io/dexidp/dex"` | Dex image repository | -| argocd.dex.image.tag | string | `"v2.42.1"` | Dex image tag | +| argocd.dex.image.tag | string | `"v2.43.1"` | Dex image tag | | argocd.dex.imagePullSecrets | list | `[]` (defaults to global.imagePullSecrets) | Secrets with credentials to pull images from a private registry | | argocd.dex.initContainers | list | `[]` | Init containers to add to the dex pod # Note: Supports use of custom Helm templates | | argocd.dex.initImage.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Argo CD init image imagePullPolicy | @@ -436,7 +441,7 @@ A Helm chart for Kubernetes | argocd.dex.topologySpreadConstraints | list | `[]` (defaults to global.topologySpreadConstraints) | Assign custom [TopologySpreadConstraints] rules to dex # Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/ # If labelSelector is left out, it will default to the labelSelector configuration of the deployment | | argocd.dex.volumeMounts | list | `[]` | Additional volumeMounts to the dex main container | | argocd.dex.volumes | list | `[]` | Additional volumes to the dex pod | -| argocd.externalRedis.existingSecret | string | `""` | The name of an existing secret with Redis (must contain key `redis-password`) and Sentinel credentials. When it's set, the `externalRedis.password` parameter is ignored | +| argocd.externalRedis.existingSecret | string | `""` | The name of an existing secret with Redis (must contain key `redis-password`. And should contain `redis-username` if username is not `default`) and Sentinel credentials. When it's set, the `externalRedis.username` and `externalRedis.password` parameters are ignored | | argocd.externalRedis.host | string | `""` | External Redis server host | | argocd.externalRedis.password | string | `""` | External Redis password | | argocd.externalRedis.port | int | `6379` | External Redis server port | @@ -451,6 +456,7 @@ A Helm chart for Kubernetes | argocd.global.affinity.podAntiAffinity | string | `"soft"` | Default pod anti-affinity rules. Either: `none`, `soft` or `hard` | | argocd.global.certificateAnnotations | object | `{}` | Annotations for the all deployed Certificates | | argocd.global.deploymentAnnotations | object | `{}` | Annotations for the all deployed Deployments | +| argocd.global.deploymentLabels | object | `{}` | Labels for the all deployed Deployments | | argocd.global.deploymentStrategy | object | `{}` | Deployment strategy for the all deployed Deployments | | argocd.global.domain | string | `"argocd.example.com"` | Default domain used by all components # Used for ingresses, certificates, SSO, notifications, etc. | | argocd.global.dualStack.ipFamilies | list | `[]` | IP families that should be supported and the order in which they should be applied to ClusterIP as well. Can be IPv4 and/or IPv6. | @@ -487,6 +493,7 @@ A Helm chart for Kubernetes | argocd.notifications.containerSecurityContext | object | See [values.yaml] | Notification controller container-level security Context | | argocd.notifications.context | object | `{}` | Define user-defined context # For more information: https://argo-cd.readthedocs.io/en/stable/operator-manual/notifications/templates/#defining-user-defined-context | | argocd.notifications.deploymentAnnotations | object | `{}` | Annotations to be applied to the notifications controller Deployment | +| argocd.notifications.deploymentLabels | object | `{}` | Labels for the notifications controller Deployment | | argocd.notifications.deploymentStrategy | object | `{"type":"Recreate"}` | Deployment strategy to be added to the notifications controller Deployment | | argocd.notifications.dnsConfig | object | `{}` | [DNS configuration] | | argocd.notifications.dnsPolicy | string | `"ClusterFirst"` | Alternative DNS policy for notifications controller Pods | @@ -574,11 +581,12 @@ A Helm chart for Kubernetes | argocd.redis-ha.haproxy.containerSecurityContext | object | See [values.yaml] | HAProxy container-level security context | | argocd.redis-ha.haproxy.enabled | bool | `true` | Enabled HAProxy LoadBalancing/Proxy | | argocd.redis-ha.haproxy.hardAntiAffinity | bool | `true` | Whether the haproxy pods should be forced to run on separate nodes. | +| argocd.redis-ha.haproxy.image.repository | string | `"ecr-public.aws.com/docker/library/haproxy"` | HAProxy Image Repository | | argocd.redis-ha.haproxy.labels | object | `{"app.kubernetes.io/name":"argocd-redis-ha-haproxy"}` | Custom labels for the haproxy pod. This is relevant for Argo CD CLI. | | argocd.redis-ha.haproxy.metrics.enabled | bool | `true` | HAProxy enable prometheus metric scraping | | argocd.redis-ha.haproxy.tolerations | list | `[]` | [Tolerations] for use with node taints for haproxy pods. | | argocd.redis-ha.hardAntiAffinity | bool | `true` | Whether the Redis server pods should be forced to run on separate nodes. | -| argocd.redis-ha.image.repository | string | `"public.ecr.aws/docker/library/redis"` | Redis repository | +| argocd.redis-ha.image.repository | string | `"ecr-public.aws.com/docker/library/redis"` | Redis repository | | argocd.redis-ha.image.tag | string | `"7.2.8-alpine"` | Redis tag # Do not upgrade to >= 7.4.0, otherwise you are no longer using an open source version of Redis | | argocd.redis-ha.persistentVolume.enabled | bool | `false` | Configures persistence on Redis nodes | | argocd.redis-ha.redis.config | object | See [values.yaml] | Any valid redis config options in this section will be applied to each server (see `redis-ha` chart) | @@ -596,6 +604,7 @@ A Helm chart for Kubernetes | argocd.redis.containerPorts.redis | int | `6379` | Redis container port | | argocd.redis.containerSecurityContext | object | See [values.yaml] | Redis container-level security context | | argocd.redis.deploymentAnnotations | object | `{}` | Annotations to be added to the Redis server Deployment | +| argocd.redis.deploymentLabels | object | `{}` | Labels for the Redis server Deployment | | argocd.redis.dnsConfig | object | `{}` | [DNS configuration] | | argocd.redis.dnsPolicy | string | `"ClusterFirst"` | Alternative DNS policy for Redis server pods | | argocd.redis.enabled | bool | `true` | Enable redis | @@ -606,7 +615,7 @@ A Helm chart for Kubernetes | argocd.redis.exporter.env | list | `[]` | Environment variables to pass to the Redis exporter | | argocd.redis.exporter.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Image pull policy for the redis-exporter | | argocd.redis.exporter.image.repository | string | `"ghcr.io/oliver006/redis_exporter"` | Repository to use for the redis-exporter | -| argocd.redis.exporter.image.tag | string | `"v1.71.0"` | Tag to use for the redis-exporter | +| argocd.redis.exporter.image.tag | string | `"v1.74.0"` | Tag to use for the redis-exporter | | argocd.redis.exporter.livenessProbe.enabled | bool | `false` | Enable Kubernetes liveness probe for Redis exporter | | argocd.redis.exporter.livenessProbe.failureThreshold | int | `5` | Minimum consecutive failures for the [probe] to be considered failed after having succeeded | | argocd.redis.exporter.livenessProbe.initialDelaySeconds | int | `30` | Number of seconds after the container has started before [probe] is initiated | @@ -623,7 +632,7 @@ A Helm chart for Kubernetes | argocd.redis.extraArgs | list | `[]` | Additional command line arguments to pass to redis-server | | argocd.redis.extraContainers | list | `[]` | Additional containers to be added to the redis pod # Note: Supports use of custom Helm templates | | argocd.redis.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Redis image pull policy | -| argocd.redis.image.repository | string | `"public.ecr.aws/docker/library/redis"` | Redis repository | +| argocd.redis.image.repository | string | `"ecr-public.aws.com/docker/library/redis"` | Redis repository | | argocd.redis.image.tag | string | `"7.2.8-alpine"` | Redis tag # Do not upgrade to >= 7.4.0, otherwise you are no longer using an open source version of Redis | | argocd.redis.imagePullSecrets | list | `[]` (defaults to global.imagePullSecrets) | Secrets with credentials to pull images from a private registry | | argocd.redis.initContainers | list | `[]` | Init containers to add to the redis pod # Note: Supports use of custom Helm templates | @@ -723,6 +732,7 @@ A Helm chart for Kubernetes | argocd.repoServer.containerPorts.server | int | `8081` | Repo server container port | | argocd.repoServer.containerSecurityContext | object | See [values.yaml] | Repo server container-level security context | | argocd.repoServer.deploymentAnnotations | object | `{}` | Annotations to be added to repo server Deployment | +| argocd.repoServer.deploymentLabels | object | `{}` | Labels for the repo server Deployment | | argocd.repoServer.deploymentStrategy | object | `{}` | Deployment strategy to be added to the repo server Deployment | | argocd.repoServer.dnsConfig | object | `{}` | [DNS configuration] | | argocd.repoServer.dnsPolicy | string | `"ClusterFirst"` | Alternative DNS policy for Repo server pods | @@ -786,6 +796,7 @@ A Helm chart for Kubernetes | argocd.repoServer.service.labels | object | `{}` | Repo server service labels | | argocd.repoServer.service.port | int | `8081` | Repo server service port | | argocd.repoServer.service.portName | string | `"tcp-repo-server"` | Repo server service port name | +| argocd.repoServer.service.trafficDistribution | string | `""` | Traffic distribution preference for the repo server service. If the field is not set, the implementation will apply its default routing strategy. | | argocd.repoServer.serviceAccount.annotations | object | `{}` | Annotations applied to created service account | | argocd.repoServer.serviceAccount.automountServiceAccountToken | bool | `true` | Automount API credentials for the Service Account | | argocd.repoServer.serviceAccount.create | bool | `true` | Create repo server service account | @@ -832,6 +843,7 @@ A Helm chart for Kubernetes | argocd.server.containerPorts.server | int | `8080` | Server container port | | argocd.server.containerSecurityContext | object | See [values.yaml] | Server container-level security context | | argocd.server.deploymentAnnotations | object | `{}` | Annotations to be added to server Deployment | +| argocd.server.deploymentLabels | object | `{}` | Labels for the server Deployment | | argocd.server.deploymentStrategy | object | `{}` | Deployment strategy to be added to the server Deployment | | argocd.server.dnsConfig | object | `{}` | [DNS configuration] | | argocd.server.dnsPolicy | string | `"ClusterFirst"` | Alternative DNS policy for Server pods | @@ -989,7 +1001,7 @@ spec: source: repoURL: "https://edixos.github.io/ekp-helm" - targetRevision: "0.1.3" + targetRevision: "0.1.4" chart: argocd path: '' helm: diff --git a/charts/argocd/charts/argo-cd-8.0.1.tgz b/charts/argocd/charts/argo-cd-8.0.1.tgz deleted file mode 100644 index cd15af30..00000000 Binary files a/charts/argocd/charts/argo-cd-8.0.1.tgz and /dev/null differ diff --git a/charts/argocd/charts/argo-cd-8.1.1.tgz b/charts/argocd/charts/argo-cd-8.1.1.tgz new file mode 100644 index 00000000..04310965 Binary files /dev/null and b/charts/argocd/charts/argo-cd-8.1.1.tgz differ diff --git a/charts/argocd/values.yaml b/charts/argocd/values.yaml index 25e7fd2f..73ec131d 100644 --- a/charts/argocd/values.yaml +++ b/charts/argocd/values.yaml @@ -98,6 +98,9 @@ argocd: # -- Annotations for the all deployed Deployments deploymentAnnotations: {} + # -- Labels for the all deployed Deployments + deploymentLabels: {} + # -- Annotations for the all deployed pods podAnnotations: {} @@ -438,6 +441,8 @@ argocd: server.enable.gzip: true # -- Enable proxy extension feature. (proxy extension is in Alpha phase) server.enable.proxy.extension: false + # -- Enable the hydrator feature (hydrator is in Alpha phase) + hydrator.enabled: false # -- Set X-Frame-Options header in HTTP responses to value. To disable, set to "". server.x.frame.options: sameorigin @@ -906,6 +911,9 @@ argocd: # -- Annotations for the application controller Deployment deploymentAnnotations: {} + # -- Labels for the application controller Deployment + deploymentLabels: {} + # -- Annotations to be added to application controller pods podAnnotations: {} @@ -1172,7 +1180,7 @@ argocd: # -- Dex image repository repository: ghcr.io/dexidp/dex # -- Dex image tag - tag: v2.42.1 + tag: v2.43.1 # -- Dex imagePullPolicy # @default -- `""` (defaults to global.image.imagePullPolicy) imagePullPolicy: "" @@ -1254,6 +1262,9 @@ argocd: # -- Annotations to be added to the Dex server Deployment deploymentAnnotations: {} + # -- Labels for the Dex server Deployment + deploymentLabels: {} + # -- Annotations to be added to the Dex server pods podAnnotations: {} @@ -1435,7 +1446,7 @@ argocd: ## Redis image image: # -- Redis repository - repository: public.ecr.aws/docker/library/redis + repository: ecr-public.aws.com/docker/library/redis # -- Redis tag ## Do not upgrade to >= 7.4.0, otherwise you are no longer using an open source version of Redis tag: 7.2.8-alpine @@ -1454,7 +1465,7 @@ argocd: # -- Repository to use for the redis-exporter repository: ghcr.io/oliver006/redis_exporter # -- Tag to use for the redis-exporter - tag: v1.71.0 + tag: v1.74.0 # -- Image pull policy for the redis-exporter # @default -- `""` (defaults to global.image.imagePullPolicy) imagePullPolicy: "" @@ -1575,6 +1586,9 @@ argocd: # -- Annotations to be added to the Redis server Deployment deploymentAnnotations: {} + # -- Labels for the Redis server Deployment + deploymentLabels: {} + # -- Annotations to be added to the Redis server pods podAnnotations: {} @@ -1722,7 +1736,7 @@ argocd: ## Redis image image: # -- Redis repository - repository: public.ecr.aws/docker/library/redis + repository: ecr-public.aws.com/docker/library/redis # -- Redis tag ## Do not upgrade to >= 7.4.0, otherwise you are no longer using an open source version of Redis tag: 7.2.8-alpine @@ -1754,6 +1768,9 @@ argocd: # -- Custom labels for the haproxy pod. This is relevant for Argo CD CLI. labels: app.kubernetes.io/name: argocd-redis-ha-haproxy + image: + # -- HAProxy Image Repository + repository: ecr-public.aws.com/docker/library/haproxy metrics: # -- HAProxy enable prometheus metric scraping enabled: true @@ -1818,8 +1835,8 @@ argocd: password: "" # -- External Redis server port port: 6379 - # -- The name of an existing secret with Redis (must contain key `redis-password`) and Sentinel credentials. - # When it's set, the `externalRedis.password` parameter is ignored + # -- The name of an existing secret with Redis (must contain key `redis-password`. And should contain `redis-username` if username is not `default`) and Sentinel credentials. + # When it's set, the `externalRedis.username` and `externalRedis.password` parameters are ignored existingSecret: "" # -- External Redis Secret annotations secretAnnotations: {} @@ -2107,6 +2124,9 @@ argocd: # -- Annotations to be added to server Deployment deploymentAnnotations: {} + # -- Labels for the server Deployment + deploymentLabels: {} + # -- Annotations to be added to server pods podAnnotations: {} @@ -2755,6 +2775,9 @@ argocd: # -- Annotations to be added to repo server Deployment deploymentAnnotations: {} + # -- Labels for the repo server Deployment + deploymentLabels: {} + # -- Annotations to be added to repo server pods podAnnotations: {} @@ -2885,6 +2908,8 @@ argocd: port: 8081 # -- Repo server service port name portName: tcp-repo-server + # -- Traffic distribution preference for the repo server service. If the field is not set, the implementation will apply its default routing strategy. + trafficDistribution: "" ## Repo server metrics service configuration metrics: @@ -3125,6 +3150,9 @@ argocd: # -- Annotations to be added to ApplicationSet controller Deployment deploymentAnnotations: {} + # -- Labels for the ApplicationSet controller Deployment + deploymentLabels: {} + # -- Annotations for the ApplicationSet controller pods podAnnotations: {} @@ -3507,6 +3535,9 @@ argocd: # -- Annotations to be applied to the notifications controller Deployment deploymentAnnotations: {} + # -- Labels for the notifications controller Deployment + deploymentLabels: {} + # -- Annotations to be applied to the notifications controller Pods podAnnotations: {} @@ -3990,6 +4021,9 @@ argocd: # -- Annotations to be added to commit server Deployment deploymentAnnotations: {} + # -- Labels for the commit server Deployment + deploymentLabels: {} + # -- Annotations for the commit server pods podAnnotations: {} diff --git a/charts/cert-manager/Chart.lock b/charts/cert-manager/Chart.lock index ba361324..b87133c0 100644 --- a/charts/cert-manager/Chart.lock +++ b/charts/cert-manager/Chart.lock @@ -1,12 +1,12 @@ dependencies: - name: cert-manager repository: https://charts.jetstack.io - version: v1.17.2 + version: v1.18.1 - name: gcp-workload-identity repository: https://edixos.github.io/ekp-helm version: 0.1.1 - name: gcp-iam-policy-members repository: https://edixos.github.io/ekp-helm version: 0.1.2 -digest: sha256:332d9476ee0ae270e6ab49c0a8474c4a9ded472b0198920ab2f457119509c2f8 -generated: "2025-05-07T10:23:12.154607043Z" +digest: sha256:30904c0a6cb69e7fd6a4b395e5180eca8e673bf619bc54acacc767a32b2f606a +generated: "2025-06-25T10:24:06.060524723Z" diff --git a/charts/cert-manager/Chart.yaml b/charts/cert-manager/Chart.yaml index e45f8d04..79e7bdf6 100644 --- a/charts/cert-manager/Chart.yaml +++ b/charts/cert-manager/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: cert-manager description: A Helm chart for cert-manager type: application -version: 0.1.3 +version: 0.1.4 appVersion: "1.17.1" maintainers: - name: wiemaouadi @@ -13,7 +13,7 @@ maintainers: url: https://github.com/smileisak dependencies: - name: cert-manager - version: "v1.17.2" + version: "v1.18.1" repository: "https://charts.jetstack.io" alias: certmanager - name: gcp-workload-identity diff --git a/charts/cert-manager/README.md b/charts/cert-manager/README.md index 3e99aee1..85e137b3 100644 --- a/charts/cert-manager/README.md +++ b/charts/cert-manager/README.md @@ -1,6 +1,6 @@ # cert-manager -![Version: 0.1.3](https://img.shields.io/badge/Version-0.1.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.17.1](https://img.shields.io/badge/AppVersion-1.17.1-informational?style=flat-square) +![Version: 0.1.4](https://img.shields.io/badge/Version-0.1.4-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.17.1](https://img.shields.io/badge/AppVersion-1.17.1-informational?style=flat-square) ## Prerequisites @@ -11,7 +11,7 @@ | Repository | Name | Version | |------------|------|---------| -| https://charts.jetstack.io | certmanager(cert-manager) | v1.17.2 | +| https://charts.jetstack.io | certmanager(cert-manager) | v1.18.1 | | https://edixos.github.io/ekp-helm | iamPolicyMembers(gcp-iam-policy-members) | 0.1.2 | | https://edixos.github.io/ekp-helm | workloadIdentity(gcp-workload-identity) | 0.1.1 | @@ -89,6 +89,7 @@ A Helm chart for cert-manager | certmanager.global.priorityClassName | string | `""` | | | certmanager.global.rbac.aggregateClusterRoles | bool | `true` | | | certmanager.global.rbac.create | bool | `true` | | +| certmanager.global.rbac.disableHTTPChallengesRole | bool | `false` | | | certmanager.hostAliases | list | `[]` | | | certmanager.image.pullPolicy | string | `"IfNotPresent"` | | | certmanager.image.repository | string | `"quay.io/jetstack/cert-manager-controller"` | | @@ -124,7 +125,7 @@ A Helm chart for cert-manager | certmanager.prometheus.servicemonitor.path | string | `"/metrics"` | | | certmanager.prometheus.servicemonitor.prometheusInstance | string | `"default"` | | | certmanager.prometheus.servicemonitor.scrapeTimeout | string | `"30s"` | | -| certmanager.prometheus.servicemonitor.targetPort | int | `9402` | | +| certmanager.prometheus.servicemonitor.targetPort | string | `"http-metrics"` | | | certmanager.replicaCount | int | `1` | | | certmanager.resources | object | `{}` | | | certmanager.securityContext.runAsNonRoot | bool | `true` | | @@ -273,7 +274,7 @@ spec: source: repoURL: "https://edixos.github.io/ekp-helm" - targetRevision: "0.1.3" + targetRevision: "0.1.4" chart: cert-manager path: '' helm: diff --git a/charts/cert-manager/charts/cert-manager-v1.17.2.tgz b/charts/cert-manager/charts/cert-manager-v1.17.2.tgz deleted file mode 100644 index 770113d1..00000000 Binary files a/charts/cert-manager/charts/cert-manager-v1.17.2.tgz and /dev/null differ diff --git a/charts/cert-manager/charts/cert-manager-v1.18.1.tgz b/charts/cert-manager/charts/cert-manager-v1.18.1.tgz new file mode 100644 index 00000000..d92fac9b Binary files /dev/null and b/charts/cert-manager/charts/cert-manager-v1.18.1.tgz differ diff --git a/charts/cert-manager/values.yaml b/charts/cert-manager/values.yaml index 8d554e22..1a86659f 100644 --- a/charts/cert-manager/values.yaml +++ b/charts/cert-manager/values.yaml @@ -50,6 +50,9 @@ certmanager: create: true # Aggregate ClusterRoles to Kubernetes default user-facing roles. For more information, see [User-facing roles](https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles) aggregateClusterRoles: true + # To use HTTP-01 ACME challenges, cert-manager needs extra permissions to create pods. + # If you want to avoid this added permission and disable HTTP-01 set this value. + disableHTTPChallengesRole: false podSecurityPolicy: # Create PodSecurityPolicy for cert-manager. @@ -134,14 +137,14 @@ certmanager: enabled: false # This configures the minimum available pods for disruptions. It can either be set to - # an integer (e.g. 1) or a percentage value (e.g. 25%). + # an integer (e.g., 1) or a percentage value (e.g., 25%). # It cannot be used if `maxUnavailable` is set. # +docs:property # +docs:type=unknown # minAvailable: 1 # This configures the maximum unavailable pods for disruptions. It can either be set to - # an integer (e.g. 1) or a percentage value (e.g. 25%). + # an integer (e.g., 1) or a percentage value (e.g., 25%). # it cannot be used if `minAvailable` is set. # +docs:property # +docs:type=unknown @@ -193,7 +196,7 @@ certmanager: # Override the "cert-manager.name" value, which is used to annotate some of # the resources that are created by this Chart (using "app.kubernetes.io/name"). # NOTE: There are some inconsistencies in the Helm chart when it comes to - # these annotations (some resources use eg. "cainjector.name" which resolves + # these annotations (some resources use, e.g., "cainjector.name" which resolves # to the value "cainjector"). # +docs:property # nameOverride: "my-cert-manager" @@ -248,10 +251,10 @@ certmanager: # kubernetesAPIBurst: 9000 # numberOfConcurrentWorkers: 200 # enableGatewayAPI: true - # # Feature gates as of v1.17.0. Listed with their default values. + # # Feature gates as of v1.18.1. Listed with their default values. # # See https://cert-manager.io/docs/cli/controller/ # featureGates: - # AdditionalCertificateOutputFormats: true # BETA - default=true + # AdditionalCertificateOutputFormats: true # GA - default=true # AllAlpha: false # ALPHA - default=false # AllBeta: false # BETA - default=false # ExperimentalCertificateSigningRequestControllers: false # ALPHA - default=false @@ -263,8 +266,10 @@ certmanager: # ServerSideApply: false # ALPHA - default=false # StableCertificateRequestName: true # BETA - default=true # UseCertificateRequestBasicConstraints: false # ALPHA - default=false - # UseDomainQualifiedFinalizer: true # BETA - default=false + # UseDomainQualifiedFinalizer: true # GA - default=true # ValidateCAA: false # ALPHA - default=false + # DefaultPrivateKeyRotationPolicyAlways: true # BETA - default=true + # ACMEHTTP01IngressPathTypeExact: true # BETA - default=true # # Configure the metrics server for TLS # # See https://cert-manager.io/docs/devops-tips/prometheus-metrics/#tls # metricsTLSConfig: @@ -295,7 +300,7 @@ certmanager: # referencing these signer names will be auto-approved by cert-manager. Defaults to just # approving the cert-manager.io Issuer and ClusterIssuer issuers. When set to an empty # array, ALL issuers will be auto-approved by cert-manager. To disable the auto-approval, - # because eg. you are using approver-policy, you can enable 'disableAutoApproval'. + # because, e.g., you are using approver-policy, you can enable 'disableAutoApproval'. # ref: https://cert-manager.io/docs/concepts/certificaterequest/#approval # +docs:property approveSignerNames: @@ -519,7 +524,7 @@ certmanager: # ServiceMonitor resource. # Otherwise, 'prometheus.io' annotations are added to the cert-manager and # cert-manager-webhook Deployments. - # Note that you can not enable both PodMonitor and ServiceMonitor as they are + # Note that you cannot enable both PodMonitor and ServiceMonitor as they are # mutually exclusive. Enabling both will result in an error. enabled: true @@ -539,7 +544,8 @@ certmanager: # The target port to set on the ServiceMonitor. This must match the port that the # cert-manager controller is listening on for metrics. - targetPort: 9402 + # +docs:type=string,integer + targetPort: http-metrics # The path to scrape for metrics. path: /metrics @@ -573,7 +579,7 @@ certmanager: # +docs:property endpointAdditionalProperties: {} - # Note that you can not enable both PodMonitor and ServiceMonitor as they are mutually exclusive. Enabling both will result in an error. + # Note that you cannot enable both PodMonitor and ServiceMonitor as they are mutually exclusive. Enabling both will result in an error. podmonitor: # Create a PodMonitor to add cert-manager to Prometheus. enabled: false @@ -723,14 +729,14 @@ certmanager: enabled: false # This property configures the minimum available pods for disruptions. Can either be set to - # an integer (e.g. 1) or a percentage value (e.g. 25%). + # an integer (e.g., 1) or a percentage value (e.g., 25%). # It cannot be used if `maxUnavailable` is set. # +docs:property # +docs:type=unknown # minAvailable: 1 # This property configures the maximum unavailable pods for disruptions. Can either be set to - # an integer (e.g. 1) or a percentage value (e.g. 25%). + # an integer (e.g., 1) or a percentage value (e.g., 25%). # It cannot be used if `minAvailable` is set. # +docs:property # +docs:type=unknown @@ -1090,14 +1096,14 @@ certmanager: enabled: false # `minAvailable` configures the minimum available pods for disruptions. It can either be set to - # an integer (e.g. 1) or a percentage value (e.g. 25%). + # an integer (e.g., 1) or a percentage value (e.g., 25%). # Cannot be used if `maxUnavailable` is set. # +docs:property # +docs:type=unknown # minAvailable: 1 # `maxUnavailable` configures the maximum unavailable pods for disruptions. It can either be set to - # an integer (e.g. 1) or a percentage value (e.g. 25%). + # an integer (e.g., 1) or a percentage value (e.g., 25%). # Cannot be used if `minAvailable` is set. # +docs:property # +docs:type=unknown diff --git a/charts/eso/Chart.lock b/charts/eso/Chart.lock index 5be1b4bf..76fed836 100644 --- a/charts/eso/Chart.lock +++ b/charts/eso/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: external-secrets repository: https://charts.external-secrets.io - version: 0.16.2 -digest: sha256:94cbf896c19437687c2804fc14c7937cd9b12f6d70cc32b1a78aa323777580cb -generated: "2025-05-14T10:23:28.800416977Z" + version: 0.18.0 +digest: sha256:dcf77406a44c697dfa9629b5bec1114915bbd513d2a9d07072c63037465d0cb3 +generated: "2025-06-25T10:24:23.035458347Z" diff --git a/charts/eso/Chart.yaml b/charts/eso/Chart.yaml index 31b9c963..1d7c7ee0 100644 --- a/charts/eso/Chart.yaml +++ b/charts/eso/Chart.yaml @@ -2,11 +2,11 @@ apiVersion: v2 name: eso description: A Helm chart ESO for Kubernetes type: application -version: 0.1.4 +version: 0.1.5 appVersion: "0.14.2" dependencies: - name: external-secrets - version: 0.16.2 + version: 0.18.0 repository: https://charts.external-secrets.io alias: eso maintainers: diff --git a/charts/eso/README.md b/charts/eso/README.md index fb6aba26..f41c9400 100644 --- a/charts/eso/README.md +++ b/charts/eso/README.md @@ -1,6 +1,6 @@ # eso -![Version: 0.1.4](https://img.shields.io/badge/Version-0.1.4-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.14.2](https://img.shields.io/badge/AppVersion-0.14.2-informational?style=flat-square) +![Version: 0.1.5](https://img.shields.io/badge/Version-0.1.5-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.14.2](https://img.shields.io/badge/AppVersion-0.14.2-informational?style=flat-square) ## Prerequisites @@ -11,7 +11,7 @@ | Repository | Name | Version | |------------|------|---------| -| https://charts.external-secrets.io | eso(external-secrets) | 0.16.2 | +| https://charts.external-secrets.io | eso(external-secrets) | 0.18.0 | ## Maintainers @@ -266,7 +266,7 @@ spec: source: repoURL: "https://edixos.github.io/ekp-helm" - targetRevision: "0.1.4" + targetRevision: "0.1.5" chart: eso path: '' diff --git a/charts/eso/charts/external-secrets-0.16.2.tgz b/charts/eso/charts/external-secrets-0.16.2.tgz deleted file mode 100644 index 110c6b39..00000000 Binary files a/charts/eso/charts/external-secrets-0.16.2.tgz and /dev/null differ diff --git a/charts/eso/charts/external-secrets-0.18.0.tgz b/charts/eso/charts/external-secrets-0.18.0.tgz new file mode 100644 index 00000000..dcc889e9 Binary files /dev/null and b/charts/eso/charts/external-secrets-0.18.0.tgz differ diff --git a/charts/eso/values.yaml b/charts/eso/values.yaml index 328a4aa0..980e6358 100644 --- a/charts/eso/values.yaml +++ b/charts/eso/values.yaml @@ -281,8 +281,8 @@ eso: # -- Pod disruption budget - for more details see https://kubernetes.io/docs/concepts/workloads/pods/disruptions/ podDisruptionBudget: enabled: false - minAvailable: 1 - # maxUnavailable: 1 + minAvailable: 1 # @schema type:[integer, string] + # maxUnavailable: "50%" # -- Run the controller on the host network hostNetwork: false @@ -389,8 +389,8 @@ eso: # -- Pod disruption budget - for more details see https://kubernetes.io/docs/concepts/workloads/pods/disruptions/ podDisruptionBudget: enabled: false - minAvailable: 1 - # maxUnavailable: 1 + minAvailable: 1 # @schema type:[integer, string] + # maxUnavailable: "50%" metrics: @@ -525,8 +525,8 @@ eso: # -- Pod disruption budget - for more details see https://kubernetes.io/docs/concepts/workloads/pods/disruptions/ podDisruptionBudget: enabled: false - minAvailable: 1 - # maxUnavailable: 1 + minAvailable: 1 # @schema type:[integer, string] + # maxUnavailable: "50%" metrics: diff --git a/charts/ingress-nginx/Chart.lock b/charts/ingress-nginx/Chart.lock index 17b9b6c0..40c48b32 100644 --- a/charts/ingress-nginx/Chart.lock +++ b/charts/ingress-nginx/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: ingress-nginx repository: https://kubernetes.github.io/ingress-nginx - version: 4.12.2 -digest: sha256:b58107199720c48a5d00da482ca4cfef20f3971db28ac19aa2158d8f3ee70158 -generated: "2025-05-07T10:25:43.915827482Z" + version: 4.12.3 +digest: sha256:43a2579a2023546aa2557a4c4fa1df5606fa916ade8fe7df19095a9403676603 +generated: "2025-06-25T10:25:06.408947525Z" diff --git a/charts/ingress-nginx/Chart.yaml b/charts/ingress-nginx/Chart.yaml index dd3bf33f..c82e4a18 100644 --- a/charts/ingress-nginx/Chart.yaml +++ b/charts/ingress-nginx/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: ingress-nginx description: A Helm chart for Kubernetes type: application -version: 0.1.3 +version: 0.1.4 appVersion: "1.12.1" maintainers: - name: ilyasabdellaoui @@ -10,6 +10,6 @@ maintainers: url: https://github.com/ilyasabdellaoui dependencies: - name: ingress-nginx - version: 4.12.2 + version: 4.12.3 repository: "https://kubernetes.github.io/ingress-nginx" alias: ingressNginx diff --git a/charts/ingress-nginx/README.md b/charts/ingress-nginx/README.md index 8f5d6dbb..1efd6e6a 100644 --- a/charts/ingress-nginx/README.md +++ b/charts/ingress-nginx/README.md @@ -1,6 +1,6 @@ # ingress-nginx -![Version: 0.1.3](https://img.shields.io/badge/Version-0.1.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.12.1](https://img.shields.io/badge/AppVersion-1.12.1-informational?style=flat-square) +![Version: 0.1.4](https://img.shields.io/badge/Version-0.1.4-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.12.1](https://img.shields.io/badge/AppVersion-1.12.1-informational?style=flat-square) ## Prerequisites @@ -11,7 +11,7 @@ | Repository | Name | Version | |------------|------|---------| -| https://kubernetes.github.io/ingress-nginx | ingressNginx(ingress-nginx) | 4.12.2 | +| https://kubernetes.github.io/ingress-nginx | ingressNginx(ingress-nginx) | 4.12.3 | ## Maintainers @@ -46,10 +46,10 @@ A Helm chart for Kubernetes | ingressNginx.controller.admissionWebhooks.namespaceSelector | object | `{}` | | | ingressNginx.controller.admissionWebhooks.objectSelector | object | `{}` | | | ingressNginx.controller.admissionWebhooks.patch.enabled | bool | `true` | | -| ingressNginx.controller.admissionWebhooks.patch.image.digest | string | `"sha256:2cf4ebfa82a37c357455458f6dfc334aea1392d508270b2517795a9933a02524"` | | +| ingressNginx.controller.admissionWebhooks.patch.image.digest | string | `"sha256:7a38cf0f8480775baaee71ab519c7465fd1dfeac66c421f28f087786e631456e"` | | | ingressNginx.controller.admissionWebhooks.patch.image.image | string | `"ingress-nginx/kube-webhook-certgen"` | | | ingressNginx.controller.admissionWebhooks.patch.image.pullPolicy | string | `"IfNotPresent"` | | -| ingressNginx.controller.admissionWebhooks.patch.image.tag | string | `"v1.5.3"` | | +| ingressNginx.controller.admissionWebhooks.patch.image.tag | string | `"v1.5.4"` | | | ingressNginx.controller.admissionWebhooks.patch.labels | object | `{}` | Labels to be added to patch job resources | | ingressNginx.controller.admissionWebhooks.patch.networkPolicy.enabled | bool | `false` | Enable 'networkPolicy' or not | | ingressNginx.controller.admissionWebhooks.patch.nodeSelector."kubernetes.io/os" | string | `"linux"` | | @@ -116,8 +116,8 @@ A Helm chart for Kubernetes | ingressNginx.controller.hostname | object | `{}` | Optionally customize the pod hostname. | | ingressNginx.controller.image.allowPrivilegeEscalation | bool | `false` | | | ingressNginx.controller.image.chroot | bool | `false` | | -| ingressNginx.controller.image.digest | string | `"sha256:03497ee984628e95eca9b2279e3f3a3c1685dd48635479e627d219f00c8eefa9"` | | -| ingressNginx.controller.image.digestChroot | string | `"sha256:a697e2bfa419768315250d079ccbbca45f6099c60057769702b912d20897a574"` | | +| ingressNginx.controller.image.digest | string | `"sha256:ac444cd9515af325ba577b596fe4f27a34be1aa330538e8b317ad9d6c8fb94ee"` | | +| ingressNginx.controller.image.digestChroot | string | `"sha256:d830fba93e9e0f5ef1462f5fe8a7cd7b167178b79e6c10c041c7da19f1ac66ab"` | | | ingressNginx.controller.image.image | string | `"ingress-nginx/controller"` | | | ingressNginx.controller.image.pullPolicy | string | `"IfNotPresent"` | | | ingressNginx.controller.image.readOnlyRootFilesystem | bool | `false` | | @@ -125,7 +125,7 @@ A Helm chart for Kubernetes | ingressNginx.controller.image.runAsNonRoot | bool | `true` | | | ingressNginx.controller.image.runAsUser | int | `101` | This value must not be changed using the official image. uid=101(www-data) gid=82(www-data) groups=82(www-data) | | ingressNginx.controller.image.seccompProfile.type | string | `"RuntimeDefault"` | | -| ingressNginx.controller.image.tag | string | `"v1.12.2"` | | +| ingressNginx.controller.image.tag | string | `"v1.12.3"` | | | ingressNginx.controller.ingressClass | string | `"nginx"` | For backwards compatibility with ingress.class annotation, use ingressClass. Algorithm is as follows, first ingressClassName is considered, if not present, controller looks for ingress.class annotation | | ingressNginx.controller.ingressClassByName | bool | `false` | Process IngressClass per name (additionally as per spec.controller). | | ingressNginx.controller.ingressClassResource | object | `{"aliases":[],"annotations":{},"controllerValue":"k8s.io/ingress-nginx","default":false,"enabled":true,"name":"nginx","parameters":{}}` | This section refers to the creation of the IngressClass resource. IngressClasses are immutable and cannot be changed after creation. We do not support namespaced IngressClasses, yet, so a ClusterRole and a ClusterRoleBinding is required. | @@ -368,7 +368,7 @@ spec: source: repoURL: "https://edixos.github.io/ekp-helm" - targetRevision: "0.1.3" + targetRevision: "0.1.4" chart: ingress-nginx path: '' helm: diff --git a/charts/ingress-nginx/charts/ingress-nginx-4.12.2.tgz b/charts/ingress-nginx/charts/ingress-nginx-4.12.2.tgz deleted file mode 100644 index 937ad18d..00000000 Binary files a/charts/ingress-nginx/charts/ingress-nginx-4.12.2.tgz and /dev/null differ diff --git a/charts/ingress-nginx/charts/ingress-nginx-4.12.3.tgz b/charts/ingress-nginx/charts/ingress-nginx-4.12.3.tgz new file mode 100644 index 00000000..294466ea Binary files /dev/null and b/charts/ingress-nginx/charts/ingress-nginx-4.12.3.tgz differ diff --git a/charts/ingress-nginx/values.yaml b/charts/ingress-nginx/values.yaml index 4022f0da..9e01d02b 100644 --- a/charts/ingress-nginx/values.yaml +++ b/charts/ingress-nginx/values.yaml @@ -47,9 +47,9 @@ ingressNginx: ## for backwards compatibility consider setting the full image url via the repository value below ## use *either* current default registry/image or repository format or installing chart by providing the values.yaml will fail ## repository: - tag: "v1.12.2" - digest: sha256:03497ee984628e95eca9b2279e3f3a3c1685dd48635479e627d219f00c8eefa9 - digestChroot: sha256:a697e2bfa419768315250d079ccbbca45f6099c60057769702b912d20897a574 + tag: "v1.12.3" + digest: sha256:ac444cd9515af325ba577b596fe4f27a34be1aa330538e8b317ad9d6c8fb94ee + digestChroot: sha256:d830fba93e9e0f5ef1462f5fe8a7cd7b167178b79e6c10c041c7da19f1ac66ab pullPolicy: IfNotPresent runAsNonRoot: true # -- This value must not be changed using the official image. @@ -813,8 +813,8 @@ ingressNginx: ## for backwards compatibility consider setting the full image url via the repository value below ## use *either* current default registry/image or repository format or installing chart by providing the values.yaml will fail ## repository: - tag: v1.5.3 - digest: sha256:2cf4ebfa82a37c357455458f6dfc334aea1392d508270b2517795a9933a02524 + tag: v1.5.4 + digest: sha256:7a38cf0f8480775baaee71ab519c7465fd1dfeac66c421f28f087786e631456e pullPolicy: IfNotPresent # -- Provide a priority class name to the webhook patching job ## diff --git a/charts/kube-prometheus-stack/Chart.lock b/charts/kube-prometheus-stack/Chart.lock index f988a640..ffc47733 100644 --- a/charts/kube-prometheus-stack/Chart.lock +++ b/charts/kube-prometheus-stack/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: kube-prometheus-stack repository: https://prometheus-community.github.io/helm-charts - version: 72.3.1 -digest: sha256:0fa4db9176dd8b6927926ad48aefd95ae8ca6c7205f0b6fda94c18841017b934 -generated: "2025-05-14T10:23:41.25331317Z" + version: 75.6.0 +digest: sha256:b7b1201c41983cedb8dc8a5346ac12256df48f359e7627325573d3140bfc84e1 +generated: "2025-06-25T10:26:11.51687898Z" diff --git a/charts/kube-prometheus-stack/Chart.yaml b/charts/kube-prometheus-stack/Chart.yaml index aa159653..69101231 100644 --- a/charts/kube-prometheus-stack/Chart.yaml +++ b/charts/kube-prometheus-stack/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.2 +version: 0.1.3 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to @@ -24,6 +24,6 @@ version: 0.1.2 appVersion: "v0.80.1" dependencies: - name: kube-prometheus-stack - version: 72.3.1 + version: 75.6.0 repository: "https://prometheus-community.github.io/helm-charts" alias: kubePrometheusStack diff --git a/charts/kube-prometheus-stack/README.md b/charts/kube-prometheus-stack/README.md index d124e9e5..3a6e62a3 100644 --- a/charts/kube-prometheus-stack/README.md +++ b/charts/kube-prometheus-stack/README.md @@ -1,6 +1,6 @@ # kube-prometheus-stack -![Version: 0.1.2](https://img.shields.io/badge/Version-0.1.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.80.1](https://img.shields.io/badge/AppVersion-v0.80.1-informational?style=flat-square) +![Version: 0.1.3](https://img.shields.io/badge/Version-0.1.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.80.1](https://img.shields.io/badge/AppVersion-v0.80.1-informational?style=flat-square) ## Prerequisites @@ -11,7 +11,7 @@ | Repository | Name | Version | |------------|------|---------| -| https://prometheus-community.github.io/helm-charts | kubePrometheusStack(kube-prometheus-stack) | 72.3.1 | +| https://prometheus-community.github.io/helm-charts | kubePrometheusStack(kube-prometheus-stack) | 75.6.0 | ## Description @@ -22,6 +22,8 @@ A Helm chart for Kubernetes | Key | Type | Default | Description | |-----|------|---------|-------------| | kubePrometheusStack.additionalPrometheusRulesMap | object | `{}` | | +| kubePrometheusStack.alertmanager.additionalLabels | object | `{}` | | +| kubePrometheusStack.alertmanager.alertmanagerSpec.additionalArgs | list | `[]` | | | kubePrometheusStack.alertmanager.alertmanagerSpec.additionalConfig | object | `{}` | | | kubePrometheusStack.alertmanager.alertmanagerSpec.additionalConfigString | string | `""` | | | kubePrometheusStack.alertmanager.alertmanagerSpec.additionalPeers | list | `[]` | | @@ -40,6 +42,7 @@ A Helm chart for Kubernetes | kubePrometheusStack.alertmanager.alertmanagerSpec.containers | list | `[]` | | | kubePrometheusStack.alertmanager.alertmanagerSpec.externalUrl | string | `nil` | | | kubePrometheusStack.alertmanager.alertmanagerSpec.forceEnableClusterMode | bool | `false` | | +| kubePrometheusStack.alertmanager.alertmanagerSpec.image.pullPolicy | string | `"IfNotPresent"` | | | kubePrometheusStack.alertmanager.alertmanagerSpec.image.registry | string | `"quay.io"` | | | kubePrometheusStack.alertmanager.alertmanagerSpec.image.repository | string | `"prometheus/alertmanager"` | | | kubePrometheusStack.alertmanager.alertmanagerSpec.image.sha | string | `""` | | @@ -109,6 +112,7 @@ A Helm chart for Kubernetes | kubePrometheusStack.alertmanager.ingress.annotations | object | `{}` | | | kubePrometheusStack.alertmanager.ingress.enabled | bool | `false` | | | kubePrometheusStack.alertmanager.ingress.hosts | list | `[]` | | +| kubePrometheusStack.alertmanager.ingress.ingressClassName | string | `""` | | | kubePrometheusStack.alertmanager.ingress.labels | object | `{}` | | | kubePrometheusStack.alertmanager.ingress.paths | list | `[]` | | | kubePrometheusStack.alertmanager.ingress.tls | list | `[]` | | @@ -116,6 +120,7 @@ A Helm chart for Kubernetes | kubePrometheusStack.alertmanager.ingressPerReplica.enabled | bool | `false` | | | kubePrometheusStack.alertmanager.ingressPerReplica.hostDomain | string | `""` | | | kubePrometheusStack.alertmanager.ingressPerReplica.hostPrefix | string | `""` | | +| kubePrometheusStack.alertmanager.ingressPerReplica.ingressClassName | string | `""` | | | kubePrometheusStack.alertmanager.ingressPerReplica.labels | object | `{}` | | | kubePrometheusStack.alertmanager.ingressPerReplica.paths | list | `[]` | | | kubePrometheusStack.alertmanager.ingressPerReplica.tlsSecretName | string | `""` | | @@ -136,7 +141,6 @@ A Helm chart for Kubernetes | kubePrometheusStack.alertmanager.networkPolicy.monitoringRules.prometheus | bool | `true` | Enable ingress from Prometheus # | | kubePrometheusStack.alertmanager.networkPolicy.policyTypes | list | `["Ingress"]` | Define policy types. If egress is enabled, both Ingress and Egress will be used Valid values are ["Ingress"] or ["Ingress", "Egress"] # | | kubePrometheusStack.alertmanager.podDisruptionBudget.enabled | bool | `false` | | -| kubePrometheusStack.alertmanager.podDisruptionBudget.maxUnavailable | string | `""` | | | kubePrometheusStack.alertmanager.podDisruptionBudget.minAvailable | int | `1` | | | kubePrometheusStack.alertmanager.podDisruptionBudget.unhealthyPodEvictionPolicy | string | `"AlwaysAllow"` | | | kubePrometheusStack.alertmanager.route | object | `{"main":{"additionalRules":[],"annotations":{},"apiVersion":"gateway.networking.k8s.io/v1","enabled":false,"filters":[],"hostnames":[],"httpsRedirect":false,"kind":"HTTPRoute","labels":{},"matches":[{"path":{"type":"PathPrefix","value":"/"}}],"parentRefs":[]}}` | BETA: Configure the gateway routes for the chart here. More routes can be added by adding a dictionary key like the 'main' route. Be aware that this is an early beta of this feature, kube-prometheus-stack does not guarantee this works and is subject to change. Being BETA this can/will change in the future without notice, do not use unless you want to take that risk [[ref]](https://gateway-api.sigs.k8s.io/reference/spec/#gateway.networking.k8s.io%2fv1alpha2) | @@ -327,6 +331,7 @@ A Helm chart for Kubernetes | kubePrometheusStack.defaultRules.additionalRuleGroupLabels.prometheusOperator | object | `{}` | | | kubePrometheusStack.defaultRules.additionalRuleLabels | object | `{}` | | | kubePrometheusStack.defaultRules.annotations | object | `{}` | | +| kubePrometheusStack.defaultRules.appNamespacesOperator | string | `"=~"` | | | kubePrometheusStack.defaultRules.appNamespacesTarget | string | `".*"` | | | kubePrometheusStack.defaultRules.create | bool | `true` | | | kubePrometheusStack.defaultRules.disabled | object | `{}` | | @@ -374,8 +379,6 @@ A Helm chart for Kubernetes | kubePrometheusStack.global.imageRegistry | string | `""` | | | kubePrometheusStack.global.rbac.create | bool | `true` | | | kubePrometheusStack.global.rbac.createAggregateClusterRoles | bool | `false` | | -| kubePrometheusStack.global.rbac.pspAnnotations | object | `{}` | | -| kubePrometheusStack.global.rbac.pspEnabled | bool | `false` | | | kubePrometheusStack.grafana.additionalDataSources | list | `[]` | | | kubePrometheusStack.grafana.adminPassword | string | `"prom-operator"` | | | kubePrometheusStack.grafana.adminUser | string | `"admin"` | | @@ -693,7 +696,7 @@ A Helm chart for Kubernetes | kubePrometheusStack.nodeExporter.operatingSystems.darwin.enabled | bool | `true` | | | kubePrometheusStack.nodeExporter.operatingSystems.linux.enabled | bool | `true` | | | kubePrometheusStack.prometheus-node-exporter.extraArgs[0] | string | `"--collector.filesystem.mount-points-exclude=^/(dev|proc|sys|var/lib/docker/.+|var/lib/kubelet/.+)($|/)"` | | -| kubePrometheusStack.prometheus-node-exporter.extraArgs[1] | string | `"--collector.filesystem.fs-types-exclude=^(autofs|binfmt_misc|bpf|cgroup2?|configfs|debugfs|devpts|devtmpfs|fusectl|hugetlbfs|iso9660|mqueue|nsfs|overlay|proc|procfs|pstore|rpc_pipefs|securityfs|selinuxfs|squashfs|sysfs|tracefs)$"` | | +| kubePrometheusStack.prometheus-node-exporter.extraArgs[1] | string | `"--collector.filesystem.fs-types-exclude=^(autofs|binfmt_misc|bpf|cgroup2?|configfs|debugfs|devpts|devtmpfs|fusectl|hugetlbfs|iso9660|mqueue|nsfs|overlay|proc|procfs|pstore|rpc_pipefs|securityfs|selinuxfs|squashfs|sysfs|tracefs|erofs)$"` | | | kubePrometheusStack.prometheus-node-exporter.namespaceOverride | string | `""` | | | kubePrometheusStack.prometheus-node-exporter.podLabels.jobLabel | string | `"node-exporter"` | | | kubePrometheusStack.prometheus-node-exporter.prometheus.monitor.enabled | bool | `true` | | @@ -721,6 +724,7 @@ A Helm chart for Kubernetes | kubePrometheusStack.prometheus-windows-exporter.prometheus.monitor.enabled | bool | `true` | | | kubePrometheusStack.prometheus-windows-exporter.prometheus.monitor.jobLabel | string | `"jobLabel"` | | | kubePrometheusStack.prometheus-windows-exporter.releaseLabel | bool | `true` | | +| kubePrometheusStack.prometheus.additionalLabels | object | `{}` | | | kubePrometheusStack.prometheus.additionalPodMonitors | list | `[]` | | | kubePrometheusStack.prometheus.additionalRulesForClusterRole | list | `[]` | | | kubePrometheusStack.prometheus.additionalServiceMonitors | list | `[]` | | @@ -732,6 +736,7 @@ A Helm chart for Kubernetes | kubePrometheusStack.prometheus.ingress.annotations | object | `{}` | | | kubePrometheusStack.prometheus.ingress.enabled | bool | `false` | | | kubePrometheusStack.prometheus.ingress.hosts | list | `[]` | | +| kubePrometheusStack.prometheus.ingress.ingressClassName | string | `""` | | | kubePrometheusStack.prometheus.ingress.labels | object | `{}` | | | kubePrometheusStack.prometheus.ingress.paths | list | `[]` | | | kubePrometheusStack.prometheus.ingress.tls | list | `[]` | | @@ -739,6 +744,7 @@ A Helm chart for Kubernetes | kubePrometheusStack.prometheus.ingressPerReplica.enabled | bool | `false` | | | kubePrometheusStack.prometheus.ingressPerReplica.hostDomain | string | `""` | | | kubePrometheusStack.prometheus.ingressPerReplica.hostPrefix | string | `""` | | +| kubePrometheusStack.prometheus.ingressPerReplica.ingressClassName | string | `""` | | | kubePrometheusStack.prometheus.ingressPerReplica.labels | object | `{}` | | | kubePrometheusStack.prometheus.ingressPerReplica.paths | list | `[]` | | | kubePrometheusStack.prometheus.ingressPerReplica.tlsSecretName | string | `""` | | @@ -747,12 +753,8 @@ A Helm chart for Kubernetes | kubePrometheusStack.prometheus.networkPolicy.enabled | bool | `false` | | | kubePrometheusStack.prometheus.networkPolicy.flavor | string | `"kubernetes"` | | | kubePrometheusStack.prometheus.podDisruptionBudget.enabled | bool | `false` | | -| kubePrometheusStack.prometheus.podDisruptionBudget.maxUnavailable | string | `""` | | | kubePrometheusStack.prometheus.podDisruptionBudget.minAvailable | int | `1` | | | kubePrometheusStack.prometheus.podDisruptionBudget.unhealthyPodEvictionPolicy | string | `"AlwaysAllow"` | | -| kubePrometheusStack.prometheus.podSecurityPolicy.allowedCapabilities | list | `[]` | | -| kubePrometheusStack.prometheus.podSecurityPolicy.allowedHostPaths | list | `[]` | | -| kubePrometheusStack.prometheus.podSecurityPolicy.volumes | list | `[]` | | | kubePrometheusStack.prometheus.prometheusSpec.additionalAlertManagerConfigs | list | `[]` | | | kubePrometheusStack.prometheus.prometheusSpec.additionalAlertManagerConfigsSecret | object | `{}` | | | kubePrometheusStack.prometheus.prometheusSpec.additionalAlertRelabelConfigs | list | `[]` | | @@ -776,6 +778,7 @@ A Helm chart for Kubernetes | kubePrometheusStack.prometheus.prometheusSpec.disableCompaction | bool | `false` | | | kubePrometheusStack.prometheus.prometheusSpec.enableAdminAPI | bool | `false` | | | kubePrometheusStack.prometheus.prometheusSpec.enableFeatures | list | `[]` | | +| kubePrometheusStack.prometheus.prometheusSpec.enableOTLPReceiver | bool | `false` | | | kubePrometheusStack.prometheus.prometheusSpec.enableRemoteWriteReceiver | bool | `false` | | | kubePrometheusStack.prometheus.prometheusSpec.enforcedKeepDroppedTargets | int | `0` | | | kubePrometheusStack.prometheus.prometheusSpec.enforcedLabelLimit | bool | `false` | | @@ -792,10 +795,11 @@ A Helm chart for Kubernetes | kubePrometheusStack.prometheus.prometheusSpec.hostAliases | list | `[]` | | | kubePrometheusStack.prometheus.prometheusSpec.hostNetwork | bool | `false` | | | kubePrometheusStack.prometheus.prometheusSpec.ignoreNamespaceSelectors | bool | `false` | | +| kubePrometheusStack.prometheus.prometheusSpec.image.pullPolicy | string | `"IfNotPresent"` | | | kubePrometheusStack.prometheus.prometheusSpec.image.registry | string | `"quay.io"` | | | kubePrometheusStack.prometheus.prometheusSpec.image.repository | string | `"prometheus/prometheus"` | | | kubePrometheusStack.prometheus.prometheusSpec.image.sha | string | `""` | | -| kubePrometheusStack.prometheus.prometheusSpec.image.tag | string | `"v3.3.1"` | | +| kubePrometheusStack.prometheus.prometheusSpec.image.tag | string | `"v3.4.1"` | | | kubePrometheusStack.prometheus.prometheusSpec.initContainers | list | `[]` | | | kubePrometheusStack.prometheus.prometheusSpec.listenLocal | bool | `false` | | | kubePrometheusStack.prometheus.prometheusSpec.logFormat | string | `"logfmt"` | | @@ -804,6 +808,7 @@ A Helm chart for Kubernetes | kubePrometheusStack.prometheus.prometheusSpec.minReadySeconds | int | `0` | | | kubePrometheusStack.prometheus.prometheusSpec.nameValidationScheme | string | `""` | | | kubePrometheusStack.prometheus.prometheusSpec.nodeSelector | object | `{}` | | +| kubePrometheusStack.prometheus.prometheusSpec.otlp | object | `{}` | | | kubePrometheusStack.prometheus.prometheusSpec.overrideHonorLabels | bool | `false` | | | kubePrometheusStack.prometheus.prometheusSpec.overrideHonorTimestamps | bool | `false` | | | kubePrometheusStack.prometheus.prometheusSpec.paused | bool | `false` | | @@ -814,6 +819,7 @@ A Helm chart for Kubernetes | kubePrometheusStack.prometheus.prometheusSpec.podMonitorNamespaceSelector | object | `{}` | | | kubePrometheusStack.prometheus.prometheusSpec.podMonitorSelector | object | `{}` | | | kubePrometheusStack.prometheus.prometheusSpec.podMonitorSelectorNilUsesHelmValues | bool | `true` | | +| kubePrometheusStack.prometheus.prometheusSpec.podTargetLabels | list | `[]` | | | kubePrometheusStack.prometheus.prometheusSpec.portName | string | `"http-web"` | | | kubePrometheusStack.prometheus.prometheusSpec.priorityClassName | string | `""` | | | kubePrometheusStack.prometheus.prometheusSpec.probeNamespaceSelector | object | `{}` | | @@ -844,6 +850,7 @@ A Helm chart for Kubernetes | kubePrometheusStack.prometheus.prometheusSpec.scrapeConfigSelectorNilUsesHelmValues | bool | `true` | | | kubePrometheusStack.prometheus.prometheusSpec.scrapeFailureLogFile | string | `""` | | | kubePrometheusStack.prometheus.prometheusSpec.scrapeInterval | string | `""` | | +| kubePrometheusStack.prometheus.prometheusSpec.scrapeProtocols | list | `[]` | | | kubePrometheusStack.prometheus.prometheusSpec.scrapeTimeout | string | `""` | | | kubePrometheusStack.prometheus.prometheusSpec.secrets | list | `[]` | | | kubePrometheusStack.prometheus.prometheusSpec.securityContext.fsGroup | int | `2000` | | @@ -927,6 +934,7 @@ A Helm chart for Kubernetes | kubePrometheusStack.prometheus.thanosIngress.annotations | object | `{}` | | | kubePrometheusStack.prometheus.thanosIngress.enabled | bool | `false` | | | kubePrometheusStack.prometheus.thanosIngress.hosts | list | `[]` | | +| kubePrometheusStack.prometheus.thanosIngress.ingressClassName | string | `""` | | | kubePrometheusStack.prometheus.thanosIngress.labels | object | `{}` | | | kubePrometheusStack.prometheus.thanosIngress.nodePort | int | `30901` | | | kubePrometheusStack.prometheus.thanosIngress.paths | list | `[]` | | @@ -972,7 +980,6 @@ A Helm chart for Kubernetes | kubePrometheusStack.prometheus.thanosServiceMonitor.metricRelabelings | list | `[]` | | | kubePrometheusStack.prometheus.thanosServiceMonitor.relabelings | list | `[]` | | | kubePrometheusStack.prometheus.thanosServiceMonitor.scheme | string | `""` | | -| kubePrometheusStack.prometheus.thanosServiceMonitor.scrapeProtocols | list | `[]` | | | kubePrometheusStack.prometheus.thanosServiceMonitor.tlsConfig | object | `{}` | | | kubePrometheusStack.prometheusOperator.admissionWebhooks.annotations | object | `{}` | | | kubePrometheusStack.prometheusOperator.admissionWebhooks.caBundle | string | `""` | | @@ -1008,7 +1015,6 @@ A Helm chart for Kubernetes | kubePrometheusStack.prometheusOperator.admissionWebhooks.deployment.nodeSelector | object | `{}` | | | kubePrometheusStack.prometheusOperator.admissionWebhooks.deployment.podAnnotations | object | `{}` | | | kubePrometheusStack.prometheusOperator.admissionWebhooks.deployment.podDisruptionBudget.enabled | bool | `false` | | -| kubePrometheusStack.prometheusOperator.admissionWebhooks.deployment.podDisruptionBudget.maxUnavailable | string | `""` | | | kubePrometheusStack.prometheusOperator.admissionWebhooks.deployment.podDisruptionBudget.minAvailable | int | `1` | | | kubePrometheusStack.prometheusOperator.admissionWebhooks.deployment.podDisruptionBudget.unhealthyPodEvictionPolicy | string | `"AlwaysAllow"` | | | kubePrometheusStack.prometheusOperator.admissionWebhooks.deployment.podLabels | object | `{}` | | @@ -1052,6 +1058,7 @@ A Helm chart for Kubernetes | kubePrometheusStack.prometheusOperator.admissionWebhooks.deployment.tolerations | list | `[]` | | | kubePrometheusStack.prometheusOperator.admissionWebhooks.enabled | bool | `true` | | | kubePrometheusStack.prometheusOperator.admissionWebhooks.failurePolicy | string | `""` | | +| kubePrometheusStack.prometheusOperator.admissionWebhooks.matchConditions | object | `{}` | | | kubePrometheusStack.prometheusOperator.admissionWebhooks.mutatingWebhookConfiguration.annotations | object | `{}` | | | kubePrometheusStack.prometheusOperator.admissionWebhooks.namespaceSelector | object | `{}` | | | kubePrometheusStack.prometheusOperator.admissionWebhooks.objectSelector | object | `{}` | | @@ -1062,7 +1069,7 @@ A Helm chart for Kubernetes | kubePrometheusStack.prometheusOperator.admissionWebhooks.patch.image.registry | string | `"registry.k8s.io"` | | | kubePrometheusStack.prometheusOperator.admissionWebhooks.patch.image.repository | string | `"ingress-nginx/kube-webhook-certgen"` | | | kubePrometheusStack.prometheusOperator.admissionWebhooks.patch.image.sha | string | `""` | | -| kubePrometheusStack.prometheusOperator.admissionWebhooks.patch.image.tag | string | `"v1.5.3"` | | +| kubePrometheusStack.prometheusOperator.admissionWebhooks.patch.image.tag | string | `"v1.5.4"` | | | kubePrometheusStack.prometheusOperator.admissionWebhooks.patch.nodeSelector | object | `{}` | | | kubePrometheusStack.prometheusOperator.admissionWebhooks.patch.podAnnotations | object | `{}` | | | kubePrometheusStack.prometheusOperator.admissionWebhooks.patch.priorityClassName | string | `""` | | @@ -1124,7 +1131,6 @@ A Helm chart for Kubernetes | kubePrometheusStack.prometheusOperator.nodeSelector | object | `{}` | | | kubePrometheusStack.prometheusOperator.podAnnotations | object | `{}` | | | kubePrometheusStack.prometheusOperator.podDisruptionBudget.enabled | bool | `false` | | -| kubePrometheusStack.prometheusOperator.podDisruptionBudget.maxUnavailable | string | `""` | | | kubePrometheusStack.prometheusOperator.podDisruptionBudget.minAvailable | int | `1` | | | kubePrometheusStack.prometheusOperator.podDisruptionBudget.unhealthyPodEvictionPolicy | string | `"AlwaysAllow"` | | | kubePrometheusStack.prometheusOperator.podLabels | object | `{}` | | @@ -1204,11 +1210,11 @@ A Helm chart for Kubernetes | kubePrometheusStack.thanosRuler.ingress.annotations | object | `{}` | | | kubePrometheusStack.thanosRuler.ingress.enabled | bool | `false` | | | kubePrometheusStack.thanosRuler.ingress.hosts | list | `[]` | | +| kubePrometheusStack.thanosRuler.ingress.ingressClassName | string | `""` | | | kubePrometheusStack.thanosRuler.ingress.labels | object | `{}` | | | kubePrometheusStack.thanosRuler.ingress.paths | list | `[]` | | | kubePrometheusStack.thanosRuler.ingress.tls | list | `[]` | | | kubePrometheusStack.thanosRuler.podDisruptionBudget.enabled | bool | `false` | | -| kubePrometheusStack.thanosRuler.podDisruptionBudget.maxUnavailable | string | `""` | | | kubePrometheusStack.thanosRuler.podDisruptionBudget.minAvailable | int | `1` | | | kubePrometheusStack.thanosRuler.podDisruptionBudget.unhealthyPodEvictionPolicy | string | `"AlwaysAllow"` | | | kubePrometheusStack.thanosRuler.route | object | `{"main":{"additionalRules":[],"annotations":{},"apiVersion":"gateway.networking.k8s.io/v1","enabled":false,"filters":[],"hostnames":[],"httpsRedirect":false,"kind":"HTTPRoute","labels":{},"matches":[{"path":{"type":"PathPrefix","value":"/"}}],"parentRefs":[]}}` | BETA: Configure the gateway routes for the chart here. More routes can be added by adding a dictionary key like the 'main' route. Be aware that this is an early beta of this feature, kube-prometheus-stack does not guarantee this works and is subject to change. Being BETA this can/will change in the future without notice, do not use unless you want to take that risk [[ref]](https://gateway-api.sigs.k8s.io/reference/spec/#gateway.networking.k8s.io%2fv1alpha2) | @@ -1329,7 +1335,7 @@ spec: source: repoURL: "https://edixos.github.io/ekp-helm" - targetRevision: "0.1.2" + targetRevision: "0.1.3" chart: kube-prometheus-stack path: '' helm: diff --git a/charts/kube-prometheus-stack/charts/kube-prometheus-stack-72.3.1.tgz b/charts/kube-prometheus-stack/charts/kube-prometheus-stack-72.3.1.tgz deleted file mode 100644 index ea520468..00000000 Binary files a/charts/kube-prometheus-stack/charts/kube-prometheus-stack-72.3.1.tgz and /dev/null differ diff --git a/charts/kube-prometheus-stack/charts/kube-prometheus-stack-75.6.0.tgz b/charts/kube-prometheus-stack/charts/kube-prometheus-stack-75.6.0.tgz new file mode 100644 index 00000000..e4c3b4a7 Binary files /dev/null and b/charts/kube-prometheus-stack/charts/kube-prometheus-stack-75.6.0.tgz differ diff --git a/charts/kube-prometheus-stack/values.yaml b/charts/kube-prometheus-stack/values.yaml index ac16c284..4d660cb2 100644 --- a/charts/kube-prometheus-stack/values.yaml +++ b/charts/kube-prometheus-stack/values.yaml @@ -205,6 +205,11 @@ kubePrometheusStack: prometheusOperator: true windows: true + # Defines the operator for namespace selection in rules + # Use "=~" to include namespaces matching the pattern (default) + # Use "!~" to exclude namespaces matching the pattern + appNamespacesOperator: "=~" + ## Reduce app namespace alert scope appNamespacesTarget: ".*" @@ -334,16 +339,6 @@ kubePrometheusStack: ## Create ClusterRoles that extend the existing view, edit and admin ClusterRoles to interact with prometheus-operator CRDs ## Ref: https://kubernetes.io/docs/reference/access-authn-authz/rbac/#aggregated-clusterroles createAggregateClusterRoles: false - pspEnabled: false - pspAnnotations: {} - ## Specify pod annotations - ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#apparmor - ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#seccomp - ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#sysctl - ## - # seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*' - # seccomp.security.alpha.kubernetes.io/defaultProfileName: 'docker/default' - # apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default' ## Global image registry to use if it needs to be overridden for some specific use cases (e.g local registries, custom images, ...) ## @@ -401,6 +396,10 @@ kubePrometheusStack: ## annotations: {} + ## Additional labels for Alertmanager + ## + additionalLabels: {} + ## Api that prometheus will use to communicate with alertmanager. Possible values are v1, v2 ## apiVersion: v2 @@ -501,7 +500,7 @@ kubePrometheusStack: podDisruptionBudget: enabled: false minAvailable: 1 - maxUnavailable: "" + # maxUnavailable: "" unhealthyPodEvictionPolicy: AlwaysAllow ## Alertmanager configuration directives @@ -597,9 +596,7 @@ kubePrometheusStack: ingress: enabled: false - # For Kubernetes >= 1.18 you should specify the ingress-controller via the field ingressClassName - # See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress - # ingressClassName: nginx + ingressClassName: "" annotations: {} @@ -685,9 +682,7 @@ kubePrometheusStack: ingressPerReplica: enabled: false - # For Kubernetes >= 1.18 you should specify the ingress-controller via the field ingressClassName - # See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress - # ingressClassName: nginx + ingressClassName: "" annotations: {} labels: {} @@ -922,6 +917,7 @@ kubePrometheusStack: repository: prometheus/alertmanager tag: v0.28.1 sha: "" + pullPolicy: IfNotPresent ## If true then the user will be responsible to provide a secret with alertmanager configuration ## So when true the config part will be ignored (including templateFiles) and the one in the secret will be used @@ -1001,6 +997,9 @@ kubePrometheusStack: # alertmanagerConfigMatcherStrategy: # type: OnNamespace + ## Additional command line arguments to pass to Alertmanager (in addition to those generated by the chart) + additionalArgs: [] + ## Define Log Format # Use logfmt (default) or json logging logFormat: logfmt @@ -1029,7 +1028,7 @@ kubePrometheusStack: # resources: # requests: # storage: 50Gi - # selector: {} + # selector: {} ## The external URL the Alertmanager instances will be available under. This is necessary to generate correct URLs. This is necessary if Alertmanager is not served from root of a DNS name. string false @@ -1174,15 +1173,15 @@ kubePrometheusStack: clusterAdvertiseAddress: false ## clusterGossipInterval determines interval between gossip attempts. - ## Needs to be specified as GoDuration, a time duration that can be parsed by Go’s time.ParseDuration() (e.g. 45ms, 30s, 1m, 1h20m15s) + ## Needs to be specified as GoDuration, a time duration that can be parsed by Go's time.ParseDuration() (e.g. 45ms, 30s, 1m, 1h20m15s) clusterGossipInterval: "" ## clusterPeerTimeout determines timeout for cluster peering. - ## Needs to be specified as GoDuration, a time duration that can be parsed by Go’s time.ParseDuration() (e.g. 45ms, 30s, 1m, 1h20m15s) + ## Needs to be specified as GoDuration, a time duration that can be parsed by Go's time.ParseDuration() (e.g. 45ms, 30s, 1m, 1h20m15s) clusterPeerTimeout: "" ## clusterPushpullInterval determines interval between pushpull attempts. - ## Needs to be specified as GoDuration, a time duration that can be parsed by Go’s time.ParseDuration() (e.g. 45ms, 30s, 1m, 1h20m15s) + ## Needs to be specified as GoDuration, a time duration that can be parsed by Go's time.ParseDuration() (e.g. 45ms, 30s, 1m, 1h20m15s) clusterPushpullInterval: "" ## clusterLabel defines the identifier that uniquely identifies the Alertmanager cluster. @@ -2525,7 +2524,7 @@ kubePrometheusStack: releaseLabel: true extraArgs: - --collector.filesystem.mount-points-exclude=^/(dev|proc|sys|var/lib/docker/.+|var/lib/kubelet/.+)($|/) - - --collector.filesystem.fs-types-exclude=^(autofs|binfmt_misc|bpf|cgroup2?|configfs|debugfs|devpts|devtmpfs|fusectl|hugetlbfs|iso9660|mqueue|nsfs|overlay|proc|procfs|pstore|rpc_pipefs|securityfs|selinuxfs|squashfs|sysfs|tracefs)$ + - --collector.filesystem.fs-types-exclude=^(autofs|binfmt_misc|bpf|cgroup2?|configfs|debugfs|devpts|devtmpfs|fusectl|hugetlbfs|iso9660|mqueue|nsfs|overlay|proc|procfs|pstore|rpc_pipefs|securityfs|selinuxfs|squashfs|sysfs|tracefs|erofs)$ service: portName: http-metrics ipDualStack: @@ -2670,6 +2669,7 @@ kubePrometheusStack: namespaceSelector: {} objectSelector: {} + matchConditions: {} mutatingWebhookConfiguration: annotations: {} @@ -2694,7 +2694,7 @@ kubePrometheusStack: podDisruptionBudget: enabled: false minAvailable: 1 - maxUnavailable: "" + # maxUnavailable: "" unhealthyPodEvictionPolicy: AlwaysAllow ## Number of old replicasets to retain ## @@ -2905,7 +2905,7 @@ kubePrometheusStack: image: registry: registry.k8s.io repository: ingress-nginx/kube-webhook-certgen - tag: v1.5.3 # latest tag: https://github.com/kubernetes/ingress-nginx/blob/main/images/kube-webhook-certgen/TAG + tag: v1.5.4 # latest tag: https://github.com/kubernetes/ingress-nginx/blob/main/images/kube-webhook-certgen/TAG sha: "" pullPolicy: IfNotPresent resources: {} @@ -3096,7 +3096,7 @@ kubePrometheusStack: podDisruptionBudget: enabled: false minAvailable: 1 - maxUnavailable: "" + # maxUnavailable: "" unhealthyPodEvictionPolicy: AlwaysAllow ## Assign a PriorityClassName to pods if set @@ -3388,6 +3388,10 @@ kubePrometheusStack: ## annotations: {} + ## Additional labels for Prometheus + ## + additionalLabels: {} + ## Configure network policy for the prometheus networkPolicy: enabled: false @@ -3489,9 +3493,6 @@ kubePrometheusStack: ## relabel configs to apply to samples before ingestion. relabelings: [] - ## Set default scrapeProtocols for Prometheus instances - ## https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#scrapeprotocolstring-alias - scrapeProtocols: [] # Service for external access to sidecar # Enabling this creates a service to expose thanos-sidecar outside the cluster. thanosServiceExternal: @@ -3640,16 +3641,14 @@ kubePrometheusStack: podDisruptionBudget: enabled: false minAvailable: 1 - maxUnavailable: "" + # maxUnavailable: "" unhealthyPodEvictionPolicy: AlwaysAllow # Ingress exposes thanos sidecar outside the cluster thanosIngress: enabled: false - # For Kubernetes >= 1.18 you should specify the ingress-controller via the field ingressClassName - # See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress - # ingressClassName: nginx + ingressClassName: "" annotations: {} labels: {} @@ -3697,9 +3696,7 @@ kubePrometheusStack: ingress: enabled: false - # For Kubernetes >= 1.18 you should specify the ingress-controller via the field ingressClassName - # See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress - # ingressClassName: nginx + ingressClassName: "" annotations: {} labels: {} @@ -3778,9 +3775,7 @@ kubePrometheusStack: ingressPerReplica: enabled: false - # For Kubernetes >= 1.18 you should specify the ingress-controller via the field ingressClassName - # See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress - # ingressClassName: nginx + ingressClassName: "" annotations: {} labels: {} @@ -3816,13 +3811,6 @@ kubePrometheusStack: ## prefix: "prometheus" - ## Configure additional options for default pod security policy for Prometheus - ## ref: https://kubernetes.io/docs/concepts/security/pod-security-policy/ - podSecurityPolicy: - allowedCapabilities: [] - allowedHostPaths: [] - volumes: [] - serviceMonitor: ## If true, create a serviceMonitor for prometheus ## @@ -3907,9 +3895,9 @@ kubePrometheusStack: disableCompaction: false ## AutomountServiceAccountToken indicates whether a service account token should be automatically mounted in the pod, - ## If the field isn’t set, the operator mounts the service account token by default. + ## If the field isn't set, the operator mounts the service account token by default. ## Warning: be aware that by default, Prometheus requires the service account token for Kubernetes service discovery, - ## It is possible to use strategic merge patch to project the service account token into the ‘prometheus’ container. + ## It is possible to use strategic merge patch to project the service account token into the 'prometheus' container. automountServiceAccountToken: true ## APIServerConfig @@ -3948,6 +3936,11 @@ kubePrometheusStack: # caFile: /etc/prometheus/secrets/istio.default/root-cert.pem # certFile: /etc/prometheus/secrets/istio.default/cert-chain.pem + ## PodTargetLabels are appended to the `spec.podTargetLabels` field of all PodMonitor and ServiceMonitor objects. + ## + podTargetLabels: [] + # - customlabel + ## Interval between consecutive evaluations. ## evaluationInterval: "" @@ -3956,6 +3949,9 @@ kubePrometheusStack: ## listenLocal: false + ## enableOTLPReceiver enables the OTLP receiver for Prometheus. + enableOTLPReceiver: false + ## EnableAdminAPI enables Prometheus the administrative HTTP API which includes functionality such as deleting time series. ## This is disabled by default. ## ref: https://prometheus.io/docs/prometheus/latest/querying/api/#tsdb-admin-apis @@ -3983,6 +3979,14 @@ kubePrometheusStack: enableFeatures: [] # - exemplar-storage + ## https://prometheus.io/docs/guides/opentelemetry + ## + otlp: {} + # promoteResourceAttributes: [] + # keepIdentifyingResourceAttributes: false + # translationStrategy: NoUTF8EscapingWithSuffixes + # convertHistogramsToNHCB: false + ## serviceName: @@ -3991,8 +3995,9 @@ kubePrometheusStack: image: registry: quay.io repository: prometheus/prometheus - tag: v3.3.1 + tag: v3.4.1 sha: "" + pullPolicy: IfNotPresent ## Tolerations for use with node taints ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ @@ -4321,7 +4326,7 @@ kubePrometheusStack: # resources: # requests: # storage: 50Gi - # selector: {} + # selector: {} ## Using tmpfs volume ## @@ -4615,7 +4620,7 @@ kubePrometheusStack: hostNetwork: false # HostAlias holds the mapping between IP and hostnames that will be injected - # as an entry in the pod’s hosts file. + # as an entry in the pod's hosts file. hostAliases: [] # - ip: 10.10.0.100 # hostnames: @@ -4627,7 +4632,7 @@ kubePrometheusStack: tracingConfig: {} ## Defines the service discovery role used to discover targets from ServiceMonitor objects and Alertmanager endpoints. - ## If set, the value should be either “Endpoints” or “EndpointSlice”. If unset, the operator assumes the “Endpoints” role. + ## If set, the value should be either "Endpoints" or "EndpointSlice". If unset, the operator assumes the "Endpoints" role. serviceDiscoveryRole: "" ## Additional configuration which is not covered by the properties above. (passed through tpl) @@ -4645,6 +4650,10 @@ kubePrometheusStack: ## minutes). maximumStartupDurationSeconds: 0 + ## Set default scrapeProtocols for Prometheus instances + ## https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#scrapeprotocolstring-alias + scrapeProtocols: [] + additionalRulesForClusterRole: [] # - apiGroups: [ "" ] # resources: @@ -4863,15 +4872,13 @@ kubePrometheusStack: podDisruptionBudget: enabled: false minAvailable: 1 - maxUnavailable: "" + # maxUnavailable: "" unhealthyPodEvictionPolicy: AlwaysAllow ingress: enabled: false - # For Kubernetes >= 1.18 you should specify the ingress-controller via the field ingressClassName - # See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress - # ingressClassName: nginx + ingressClassName: "" annotations: {} @@ -5137,7 +5144,7 @@ kubePrometheusStack: # resources: # requests: # storage: 50Gi - # selector: {} + # selector: {} ## AlertmanagerConfig define configuration for connecting to alertmanager. ## Only available with Thanos v0.10.0 and higher. Maps to the alertmanagers.config Thanos Ruler arg. diff --git a/charts/kyverno-policies/Chart.lock b/charts/kyverno-policies/Chart.lock index 4ce80734..a2c28694 100644 --- a/charts/kyverno-policies/Chart.lock +++ b/charts/kyverno-policies/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: kyverno-policies repository: https://kyverno.github.io/kyverno/ - version: 3.4.1 -digest: sha256:b89431a68f4f8f139e462342b965ceac69e2e75b17a53008e94b61ecfd3f79c1 -generated: "2025-05-07T10:22:57.488368538Z" + version: 3.4.3 +digest: sha256:64838d6480a009de182039cc151704c2aafb96a1b023edaf638634740062173a +generated: "2025-06-25T10:24:31.660800245Z" diff --git a/charts/kyverno-policies/Chart.yaml b/charts/kyverno-policies/Chart.yaml index 8628e595..a9ad4695 100644 --- a/charts/kyverno-policies/Chart.yaml +++ b/charts/kyverno-policies/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.1 +version: 0.1.2 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to @@ -24,7 +24,7 @@ version: 0.1.1 appVersion: "1.13.4" dependencies: - name: kyverno-policies - version: 3.4.1 + version: 3.4.3 repository: "https://kyverno.github.io/kyverno/" alias: kyvernopolicies maintainers: diff --git a/charts/kyverno-policies/README.md b/charts/kyverno-policies/README.md index 24023ee5..18db3351 100644 --- a/charts/kyverno-policies/README.md +++ b/charts/kyverno-policies/README.md @@ -1,6 +1,6 @@ # kyverno-policies -![Version: 0.1.1](https://img.shields.io/badge/Version-0.1.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.13.4](https://img.shields.io/badge/AppVersion-1.13.4-informational?style=flat-square) +![Version: 0.1.2](https://img.shields.io/badge/Version-0.1.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.13.4](https://img.shields.io/badge/AppVersion-1.13.4-informational?style=flat-square) ## Prerequisites @@ -11,7 +11,7 @@ | Repository | Name | Version | |------------|------|---------| -| https://kyverno.github.io/kyverno/ | kyvernopolicies(kyverno-policies) | 3.4.1 | +| https://kyverno.github.io/kyverno/ | kyvernopolicies(kyverno-policies) | 3.4.3 | ## Maintainers @@ -30,6 +30,7 @@ A Helm chart for Kubernetes |-----|------|---------|-------------| | kyvernopolicies.autogenControllers | string | `""` | Customize the target Pod controllers for the auto-generated rules. (Eg. `none`, `Deployment`, `DaemonSet,Deployment,StatefulSet`) For more info https://kyverno.io/docs/writing-policies/autogen/. | | kyvernopolicies.background | bool | `true` | Policies background mode | +| kyvernopolicies.customAnnotations | object | `{}` | Additional Annotations. | | kyvernopolicies.customLabels | object | `{}` | Additional labels. | | kyvernopolicies.customPolicies | list | `[]` | Additional custom policies to include. | | kyvernopolicies.failurePolicy | string | `"Fail"` | API server behavior if the webhook fails to respond ('Ignore', 'Fail') For more info: https://kyverno.io/docs/writing-policies/policy-settings/ | @@ -45,7 +46,7 @@ A Helm chart for Kubernetes | kyvernopolicies.policyKind | string | `"ClusterPolicy"` | Policy kind (`ClusterPolicy`, `Policy`) Set to `Policy` if you need namespaced policies and not cluster policies | | kyvernopolicies.policyPreconditions | object | `{}` | Add preconditions to individual policies. Policies with multiple rules can have individual rules excluded by using the name of the rule as the key in the `policyPreconditions` map. | | kyvernopolicies.skipBackgroundRequests | bool | `nil` | SkipBackgroundRequests bypasses admission requests that are sent by the background controller | -| kyvernopolicies.validationAllowExistingViolations | bool | `true` | Validate already existing resources. For more info https://kyverno.io/docs/writing-policies/validate. | +| kyvernopolicies.validationAllowExistingViolations | bool | `true` | Validate already existing resources. For more info https://kyverno.io/docs/policy-types/. | | kyvernopolicies.validationFailureAction | string | `"Audit"` | Validation failure action (`Audit`, `Enforce`). For more info https://kyverno.io/docs/writing-policies/validate. | | kyvernopolicies.validationFailureActionByPolicy | object | `{}` | Define validationFailureActionByPolicy for specific policies. Override the defined `validationFailureAction` with a individual validationFailureAction for individual Policies. | | kyvernopolicies.validationFailureActionOverrides | object | `{"all":[]}` | Define validationFailureActionOverrides for specific policies. The overrides for `all` will apply to all policies. | @@ -75,7 +76,7 @@ spec: source: repoURL: "https://edixos.github.io/ekp-helm" - targetRevision: "0.1.1" + targetRevision: "0.1.2" chart: kyverno-policies path: '' helm: diff --git a/charts/kyverno-policies/charts/kyverno-policies-3.4.1.tgz b/charts/kyverno-policies/charts/kyverno-policies-3.4.1.tgz deleted file mode 100644 index f9a948ad..00000000 Binary files a/charts/kyverno-policies/charts/kyverno-policies-3.4.1.tgz and /dev/null differ diff --git a/charts/kyverno-policies/charts/kyverno-policies-3.4.3.tgz b/charts/kyverno-policies/charts/kyverno-policies-3.4.3.tgz new file mode 100644 index 00000000..fea07c47 Binary files /dev/null and b/charts/kyverno-policies/charts/kyverno-policies-3.4.3.tgz differ diff --git a/charts/kyverno-policies/values.yaml b/charts/kyverno-policies/values.yaml index 507647bd..fc7dcc48 100644 --- a/charts/kyverno-policies/values.yaml +++ b/charts/kyverno-policies/values.yaml @@ -58,7 +58,7 @@ kyvernopolicies: # - fluent # -- Validate already existing resources. - # For more info https://kyverno.io/docs/writing-policies/validate. + # For more info https://kyverno.io/docs/policy-types/. validationAllowExistingViolations: true # -- Exclude resources from individual policies. @@ -108,6 +108,9 @@ kyvernopolicies: # -- Name override. nameOverride: + # -- Additional Annotations. + customAnnotations: {} + # -- Additional labels. customLabels: {} diff --git a/charts/kyverno/Chart.lock b/charts/kyverno/Chart.lock index 405959e7..f3b56267 100644 --- a/charts/kyverno/Chart.lock +++ b/charts/kyverno/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: kyverno repository: https://kyverno.github.io/kyverno/ - version: 3.4.1 -digest: sha256:91a0bea17ffa77211290f7a569dc9e5f9383814f736c25caea2a07a2b500c2ff -generated: "2025-05-07T10:25:24.475931183Z" + version: 3.4.3 +digest: sha256:78985f6302d4fb9230cca0cfc1acf3fb9008601047ec16265fb37b59d5ccb434 +generated: "2025-06-25T10:24:52.5006331Z" diff --git a/charts/kyverno/Chart.yaml b/charts/kyverno/Chart.yaml index dbee9a78..06b99086 100644 --- a/charts/kyverno/Chart.yaml +++ b/charts/kyverno/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.2 +version: 0.1.3 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to @@ -24,7 +24,7 @@ version: 0.1.2 appVersion: "1.13.4" dependencies: - name: kyverno - version: 3.4.1 + version: 3.4.3 repository: "https://kyverno.github.io/kyverno/" maintainers: - name: wiemaouadi diff --git a/charts/kyverno/README.md b/charts/kyverno/README.md index 9c95965b..d68e25ca 100644 --- a/charts/kyverno/README.md +++ b/charts/kyverno/README.md @@ -1,6 +1,6 @@ # kyverno -![Version: 0.1.2](https://img.shields.io/badge/Version-0.1.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.13.4](https://img.shields.io/badge/AppVersion-1.13.4-informational?style=flat-square) +![Version: 0.1.3](https://img.shields.io/badge/Version-0.1.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.13.4](https://img.shields.io/badge/AppVersion-1.13.4-informational?style=flat-square) ## Prerequisites @@ -11,7 +11,7 @@ | Repository | Name | Version | |------------|------|---------| -| https://kyverno.github.io/kyverno/ | kyverno | 3.4.1 | +| https://kyverno.github.io/kyverno/ | kyverno | 3.4.3 | ## Maintainers @@ -48,6 +48,7 @@ A Helm chart for kyverno | kyverno.admissionController.container.resources.limits | object | `{"memory":"384Mi"}` | Pod resource limits | | kyverno.admissionController.container.resources.requests | object | `{"cpu":"100m","memory":"128Mi"}` | Pod resource requests | | kyverno.admissionController.container.securityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"privileged":false,"readOnlyRootFilesystem":true,"runAsNonRoot":true,"seccompProfile":{"type":"RuntimeDefault"}}` | Container security context | +| kyverno.admissionController.crdWatcher | bool | `false` | Enable/Disable custom resource watcher to invalidate cache | | kyverno.admissionController.createSelfSignedCert | bool | `false` | Create self-signed certificates at deployment time. The certificates won't be automatically renewed if this is set to `true`. | | kyverno.admissionController.dnsConfig | object | `{}` | `dnsConfig` allows to specify DNS configuration for the pod. For further reference: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config. | | kyverno.admissionController.dnsPolicy | string | `"ClusterFirst"` | `dnsPolicy` determines the manner in which DNS resolution happens in the cluster. In case of `hostNetwork: true`, usually, the `dnsPolicy` is suitable to be `ClusterFirstWithHostNet`. For further reference: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-dns-policy. | @@ -332,6 +333,7 @@ A Helm chart for kyverno | kyverno.crds.migration.resources | list | `["cleanuppolicies.kyverno.io","clustercleanuppolicies.kyverno.io","clusterpolicies.kyverno.io","globalcontextentries.kyverno.io","policies.kyverno.io","policyexceptions.kyverno.io","updaterequests.kyverno.io"]` | Resources to migrate | | kyverno.crds.migration.securityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"privileged":false,"readOnlyRootFilesystem":true,"runAsGroup":65534,"runAsNonRoot":true,"runAsUser":65534,"seccompProfile":{"type":"RuntimeDefault"}}` | Security context for the hook containers | | kyverno.crds.migration.tolerations | list | `[]` | List of node taints to tolerate | +| kyverno.crds.reportsServer.enabled | bool | `false` | Kyverno reports-server is used in your cluster | | kyverno.customLabels | object | `{}` | Additional labels | | kyverno.existingImagePullSecrets | list | `[]` | Existing Image pull secrets for image verification policies, this will define the `--imagePullSecrets` argument | | kyverno.features.admissionReports.enabled | bool | `true` | Enables the feature | @@ -371,6 +373,7 @@ A Helm chart for kyverno | kyverno.fullnameOverride | string | `nil` | Override the expanded name of the chart | | kyverno.global.caCertificates.data | string | `nil` | Global CA certificates to use with Kyverno deployments This value is expected to be one large string of CA certificates Individual controller values will override this global value | | kyverno.global.caCertificates.volume | object | `{}` | Global value to set single volume to be mounted for CA certificates for all deployments. Not used when `.Values.global.caCertificates.data` is defined Individual controller values will override this global value | +| kyverno.global.crdWatcher | bool | `false` | Enable/Disable custom resource watcher to invalidate cache | | kyverno.global.extraEnvVars | list | `[]` | Additional container environment variables to apply to all containers and init containers | | kyverno.global.image.registry | string | `nil` | Global value that allows to set a single image registry across all deployments. When set, it will override any values set under `.image.registry` across the chart. | | kyverno.global.imagePullSecrets | list | `[]` | Global list of Image pull secrets When set, it will override any values set under `imagePullSecrets` under different components across the chart. | @@ -550,7 +553,7 @@ spec: source: repoURL: "https://edixos.github.io/ekp-helm" - targetRevision: "0.1.2" + targetRevision: "0.1.3" chart: kyverno path: '' helm: diff --git a/charts/kyverno/charts/kyverno-3.4.1.tgz b/charts/kyverno/charts/kyverno-3.4.1.tgz deleted file mode 100644 index 4cc88c26..00000000 Binary files a/charts/kyverno/charts/kyverno-3.4.1.tgz and /dev/null differ diff --git a/charts/kyverno/charts/kyverno-3.4.3.tgz b/charts/kyverno/charts/kyverno-3.4.3.tgz new file mode 100644 index 00000000..90659f86 Binary files /dev/null and b/charts/kyverno/charts/kyverno-3.4.3.tgz differ diff --git a/charts/kyverno/values.yaml b/charts/kyverno/values.yaml index 98935898..d4ca352d 100644 --- a/charts/kyverno/values.yaml +++ b/charts/kyverno/values.yaml @@ -37,6 +37,9 @@ kyverno: # -- Resync period for informers resyncPeriod: 15m + # -- Enable/Disable custom resource watcher to invalidate cache + crdWatcher: false + caCertificates: # -- Global CA certificates to use with Kyverno deployments # This value is expected to be one large string of CA certificates @@ -97,6 +100,10 @@ kyverno: # -- Whether to have Helm install the Kyverno CRDs, if the CRDs are not installed by Helm, they must be added before policies can be created install: true + reportsServer: + # -- Kyverno reports-server is used in your cluster + enabled: false + groups: # -- Install CRDs in group `kyverno.io` @@ -862,6 +869,9 @@ kyverno: # -- Resync period for informers resyncPeriod: 15m + # -- Enable/Disable custom resource watcher to invalidate cache + crdWatcher: false + # -- Additional labels to add to each pod podLabels: {} # example.com/label: foo diff --git a/charts/velero/Chart.lock b/charts/velero/Chart.lock index b32a7e61..99df8ad9 100644 --- a/charts/velero/Chart.lock +++ b/charts/velero/Chart.lock @@ -1,7 +1,7 @@ dependencies: - name: velero repository: https://vmware-tanzu.github.io/helm-charts - version: 9.1.2 + version: 10.0.7 - name: gcp-workload-identity repository: https://edixos.github.io/ekp-helm version: 0.1.1 @@ -14,5 +14,5 @@ dependencies: - name: gcp-bucket repository: https://edixos.github.io/ekp-helm version: 0.1.0 -digest: sha256:56dafcc28b5517504b03be7a9549166c131b26251d03d0d55a63954e2c5bf30a -generated: "2025-05-14T10:23:09.920610947Z" +digest: sha256:c8a489480404032c3bf7a8cb4c9ab9b580ce85137c9c3f417885ff73de16ad58 +generated: "2025-06-25T10:24:43.290003171Z" diff --git a/charts/velero/Chart.yaml b/charts/velero/Chart.yaml index 2bca7d40..5589a2f5 100644 --- a/charts/velero/Chart.yaml +++ b/charts/velero/Chart.yaml @@ -2,11 +2,11 @@ apiVersion: v2 name: velero description: A Helm chart for velero type: application -version: 0.1.4 +version: 0.1.5 appVersion: "1.15.2" dependencies: - name: velero - version: 9.1.2 + version: 10.0.7 repository: "https://vmware-tanzu.github.io/helm-charts" - name: gcp-workload-identity version: 0.1.1 diff --git a/charts/velero/README.md b/charts/velero/README.md index c13ca208..f3e66a8b 100644 --- a/charts/velero/README.md +++ b/charts/velero/README.md @@ -1,6 +1,6 @@ # velero -![Version: 0.1.4](https://img.shields.io/badge/Version-0.1.4-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.15.2](https://img.shields.io/badge/AppVersion-1.15.2-informational?style=flat-square) +![Version: 0.1.5](https://img.shields.io/badge/Version-0.1.5-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.15.2](https://img.shields.io/badge/AppVersion-1.15.2-informational?style=flat-square) ## Prerequisites @@ -15,7 +15,7 @@ | https://edixos.github.io/ekp-helm | iamCustomRole(gcp-iam-custom-role) | 0.1.0 | | https://edixos.github.io/ekp-helm | iamPolicyMembers(gcp-iam-policy-members) | 0.1.2 | | https://edixos.github.io/ekp-helm | workloadIdentity(gcp-workload-identity) | 0.1.1 | -| https://vmware-tanzu.github.io/helm-charts | velero | 9.1.2 | +| https://vmware-tanzu.github.io/helm-charts | velero | 10.0.7 | ## Maintainers @@ -53,20 +53,21 @@ A Helm chart for velero | velero.configMaps | object | `{}` | | | velero.configuration.backupStorageLocation[0].accessMode | string | `"ReadWrite"` | | | velero.configuration.backupStorageLocation[0].annotations | object | `{}` | | -| velero.configuration.backupStorageLocation[0].bucket | string | `nil` | | +| velero.configuration.backupStorageLocation[0].bucket | string | `""` | | | velero.configuration.backupStorageLocation[0].caCert | string | `nil` | | | velero.configuration.backupStorageLocation[0].config | object | `{}` | | | velero.configuration.backupStorageLocation[0].credential.key | string | `nil` | | | velero.configuration.backupStorageLocation[0].credential.name | string | `nil` | | -| velero.configuration.backupStorageLocation[0].default | string | `nil` | | +| velero.configuration.backupStorageLocation[0].default | bool | `false` | | | velero.configuration.backupStorageLocation[0].name | string | `nil` | | | velero.configuration.backupStorageLocation[0].prefix | string | `nil` | | -| velero.configuration.backupStorageLocation[0].provider | string | `nil` | | +| velero.configuration.backupStorageLocation[0].provider | string | `""` | | | velero.configuration.backupStorageLocation[0].validationFrequency | string | `nil` | | | velero.configuration.backupSyncPeriod | string | `nil` | | | velero.configuration.clientBurst | string | `nil` | | | velero.configuration.clientPageSize | string | `nil` | | | velero.configuration.clientQPS | string | `nil` | | +| velero.configuration.dataMoverPrepareTimeout | string | `nil` | | | velero.configuration.defaultBackupStorageLocation | string | `nil` | | | velero.configuration.defaultBackupTTL | string | `nil` | | | velero.configuration.defaultItemOperationTimeout | string | `nil` | | @@ -77,7 +78,7 @@ A Helm chart for velero | velero.configuration.disableControllers | string | `nil` | | | velero.configuration.disableInformerCache | bool | `false` | | | velero.configuration.extraArgs | list | `[]` | | -| velero.configuration.extraEnvVars | object | `{}` | | +| velero.configuration.extraEnvVars | list | `[]` | | | velero.configuration.features | string | `nil` | | | velero.configuration.fsBackupTimeout | string | `nil` | | | velero.configuration.garbageCollectionFrequency | string | `nil` | | @@ -101,7 +102,7 @@ A Helm chart for velero | velero.configuration.volumeSnapshotLocation[0].credential.key | string | `nil` | | | velero.configuration.volumeSnapshotLocation[0].credential.name | string | `nil` | | | velero.configuration.volumeSnapshotLocation[0].name | string | `nil` | | -| velero.configuration.volumeSnapshotLocation[0].provider | string | `nil` | | +| velero.configuration.volumeSnapshotLocation[0].provider | string | `""` | | | velero.containerSecurityContext | object | `{}` | | | velero.credentials.existingSecret | string | `nil` | | | velero.credentials.extraEnvVars | object | `{}` | | @@ -116,10 +117,11 @@ A Helm chart for velero | velero.extraVolumeMounts | list | `[]` | | | velero.extraVolumes | list | `[]` | | | velero.fullnameOverride | string | `""` | | +| velero.hostAliases | list | `[]` | | | velero.image.imagePullSecrets | list | `[]` | | | velero.image.pullPolicy | string | `"IfNotPresent"` | | | velero.image.repository | string | `"velero/velero"` | | -| velero.image.tag | string | `"v1.16.0"` | | +| velero.image.tag | string | `"v1.16.1"` | | | velero.initContainers | string | `nil` | | | velero.kubectl.annotations | object | `{}` | | | velero.kubectl.containerSecurityContext | object | `{}` | | @@ -153,7 +155,11 @@ A Helm chart for velero | velero.metrics.scrapeInterval | string | `"30s"` | | | velero.metrics.scrapeTimeout | string | `"10s"` | | | velero.metrics.service.annotations | object | `{}` | | +| velero.metrics.service.externalTrafficPolicy | string | `""` | | +| velero.metrics.service.internalTrafficPolicy | string | `""` | | | velero.metrics.service.labels | object | `{}` | | +| velero.metrics.service.nodePort | string | `nil` | | +| velero.metrics.service.type | string | `"ClusterIP"` | | | velero.metrics.serviceMonitor.additionalLabels | object | `{}` | | | velero.metrics.serviceMonitor.annotations | object | `{}` | | | velero.metrics.serviceMonitor.autodetect | bool | `true` | | @@ -166,9 +172,10 @@ A Helm chart for velero | velero.nodeAgent.dnsConfig | object | `{}` | | | velero.nodeAgent.dnsPolicy | string | `"ClusterFirst"` | | | velero.nodeAgent.extraArgs | list | `[]` | | -| velero.nodeAgent.extraEnvVars | object | `{}` | | +| velero.nodeAgent.extraEnvVars | list | `[]` | | | velero.nodeAgent.extraVolumeMounts | list | `[]` | | | velero.nodeAgent.extraVolumes | list | `[]` | | +| velero.nodeAgent.hostAliases | list | `[]` | | | velero.nodeAgent.labels | object | `{}` | | | velero.nodeAgent.lifecycle | object | `{}` | | | velero.nodeAgent.nodeSelector | object | `{}` | | @@ -213,7 +220,7 @@ A Helm chart for velero | velero.tolerations | list | `[]` | | | velero.upgradeCRDs | bool | `true` | | | velero.upgradeCRDsJob.automountServiceAccountToken | bool | `true` | | -| velero.upgradeCRDsJob.extraEnvVars | object | `{}` | | +| velero.upgradeCRDsJob.extraEnvVars | list | `[]` | | | velero.upgradeCRDsJob.extraVolumeMounts | list | `[]` | | | velero.upgradeCRDsJob.extraVolumes | list | `[]` | | | velero.upgradeJobResources | object | `{}` | | @@ -244,7 +251,7 @@ spec: source: repoURL: "https://edixos.github.io/ekp-helm" - targetRevision: "0.1.4" + targetRevision: "0.1.5" chart: velero path: '' helm: diff --git a/charts/velero/charts/velero-10.0.7.tgz b/charts/velero/charts/velero-10.0.7.tgz new file mode 100644 index 00000000..08aa1512 Binary files /dev/null and b/charts/velero/charts/velero-10.0.7.tgz differ diff --git a/charts/velero/charts/velero-9.1.2.tgz b/charts/velero/charts/velero-9.1.2.tgz deleted file mode 100644 index 14de8687..00000000 Binary files a/charts/velero/charts/velero-9.1.2.tgz and /dev/null differ diff --git a/charts/velero/values.yaml b/charts/velero/values.yaml index 33574af6..4031a1fa 100644 --- a/charts/velero/values.yaml +++ b/charts/velero/values.yaml @@ -43,7 +43,7 @@ velero: # enabling node-agent). Required. image: repository: velero/velero - tag: v1.16.0 + tag: v1.16.1 # Digest value example: sha256:d238835e151cec91c6a811fe3a89a66d3231d9f64d09e5f3c49552672d271f38. # If used, it will take precedence over the image.tag. # digest: @@ -91,6 +91,14 @@ velero: # cpu: 1000m # memory: 512Mi + # Configure hostAliases for Velero deployment. Optional + # For more information, check: https://kubernetes.io/docs/tasks/network/customize-hosts-file-for-pods/ + hostAliases: [] + # - ip: "127.0.0.1" + # hostnames: + # - "foo.local" + # - "bar.local" + # Resource requests/limits to specify for the upgradeCRDs job pod. Need to be adjusted by user accordingly. upgradeJobResources: {} # requests: @@ -104,8 +112,18 @@ velero: extraVolumes: [] # Extra volumeMounts for the Upgrade CRDs Job. Optional. extraVolumeMounts: [] - # Extra key/value pairs to be used as environment variables. Optional. - extraEnvVars: {} + # Additional values to be used as environment variables. Optional. + extraEnvVars: [] + # Simple value + # - name: SIMPLE_VAR + # value: "simple-value" + + # FieldRef example + # - name: MY_POD_LABEL + # valueFrom: + # fieldRef: + # fieldPath: metadata.labels['my_label'] + # Configure if API credential for Service Account is automounted. automountServiceAccountToken: true # Configure the shell cmd in case you are using custom image @@ -120,7 +138,7 @@ velero: # If the value is a string then it is evaluated as a template. initContainers: # - name: velero-plugin-for-aws - # image: velero/velero-plugin-for-aws:v1.10.0 + # image: velero/velero-plugin-for-aws:v1.12.1 # imagePullPolicy: IfNotPresent # volumeMounts: # - mountPath: /target @@ -230,7 +248,14 @@ velero: # service metdata if metrics are enabled service: annotations: {} + type: ClusterIP labels: {} + nodePort: null + + # External/Internal traffic policy setting (Cluster, Local) + # https://kubernetes.io/docs/reference/networking/virtual-ips/#traffic-policies + externalTrafficPolicy: "" + internalTrafficPolicy: "" # Pod annotations for Prometheus podAnnotations: @@ -339,15 +364,15 @@ velero: # a backup storage location will be created with the name "default". Optional. - name: # provider is the name for the backup storage location provider. - provider: + provider: "" # bucket is the name of the bucket to store backups in. Required. - bucket: + bucket: "" # caCert defines a base64 encoded CA bundle to use when verifying TLS connections to the provider. Optional. caCert: # prefix is the directory under which all Velero data should be stored within the bucket. Optional. prefix: # default indicates this location is the default backup storage location. Optional. - default: + default: false # validationFrequency defines how frequently Velero should validate the object storage. Optional. validationFrequency: # accessMode determines if velero can write to this backup storage location. Optional. @@ -383,10 +408,11 @@ velero: # Parameters for the VolumeSnapshotLocation(s). Configure multiple by adding other element(s) to the volumeSnapshotLocation slice. # See https://velero.io/docs/v1.6/api-types/volumesnapshotlocation/ volumeSnapshotLocation: - # name is the name of the volume snapshot location where snapshots are being taken. Required. + # name is the name of the volume snapshot location where snapshots are being taken. If a name is not provided, + # a volume snapshot location will be created with the name "default". Optional. - name: # provider is the name for the volume snapshot provider. - provider: + provider: "" credential: # name of the secret used by this volumeSnapshotLocation. name: @@ -463,6 +489,8 @@ velero: # Comma separated list of velero feature flags. default: empty # features: EnableCSI features: + # Configures the timeout for provisioning the volume created from the CSI snapshot. Default: 30m + dataMoverPrepareTimeout: # Resource requests/limits to specify for the repository-maintenance job. Optional. # https://velero.io/docs/v1.14/repository-maintenance/#resource-limitation repositoryMaintenanceJob: @@ -480,8 +508,17 @@ velero: # e.g.: extraArgs: ["--foo=bar"] extraArgs: [] - # additional key/value pairs to be used as environment variables such as "AWS_CLUSTER_NAME: 'yourcluster.domain.tld'" - extraEnvVars: {} + # Additional values to be used as environment variables. Optional. + extraEnvVars: [] + # Simple value + # - name: SIMPLE_VAR + # value: "simple-value" + + # FieldRef example + # - name: MY_POD_LABEL + # valueFrom: + # fieldRef: + # fieldPath: metadata.labels['my_label'] # Set true for backup all pod volumes without having to apply annotation on the pod when used file system backup Default: false. defaultVolumesToFsBackup: @@ -600,8 +637,17 @@ velero: # Extra volumeMounts for the node-agent daemonset. Optional. extraVolumeMounts: [] - # Key/value pairs to be used as environment variables for the node-agent daemonset. Optional. - extraEnvVars: {} + # Additional values to be used as environment variables for node-agent daemonset. Optional. + extraEnvVars: [] + # Simple key/value + # - name: SIMPLE_VAR + # value: "simple-value" + + # FieldRef example + # - name: MY_POD_LABEL + # valueFrom: + # fieldRef: + # fieldPath: metadata.labels['my_label'] # Additional command-line arguments that will be passed to the node-agent. Optional. # e.g.: extraArgs: ["--foo=bar"] @@ -611,6 +657,14 @@ velero: # See: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-dns-policy dnsPolicy: ClusterFirst + # Configure hostAliases for node-agent daemonset. Optional + # For more information, check: https://kubernetes.io/docs/tasks/network/customize-hosts-file-for-pods/ + hostAliases: [] + # - ip: "127.0.0.1" + # hostnames: + # - "foo.local" + # - "bar.local" + # SecurityContext to use for the Velero deployment. Optional. # Set fsGroup for `AWS IAM Roles for Service Accounts` # see more informations at: https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html