diff --git a/charts/alertmanager/Chart.lock b/charts/alertmanager/Chart.lock index b605e7b7..a72013f2 100644 --- a/charts/alertmanager/Chart.lock +++ b/charts/alertmanager/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: oauth2-proxy repository: https://oauth2-proxy.github.io/manifests - version: 10.4.2 -digest: sha256:5893853b0d9c71c94264bf3515f076e955cc3ae7e1f952296c77af3b92de25c3 -generated: "2026-04-01T17:05:49.680597781Z" + version: 10.4.3 +digest: sha256:7db17c7d333edef7e20d1a3220b1746850d7833329eec9fd44eaef0882a42477 +generated: "2026-04-22T11:08:31.507850118Z" diff --git a/charts/alertmanager/Chart.yaml b/charts/alertmanager/Chart.yaml index a8b72b9c..ea410d71 100644 --- a/charts/alertmanager/Chart.yaml +++ b/charts/alertmanager/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 description: Deploies Alertmanager through Prometheus-Operator name: alertmanager -version: 0.1.7 +version: 0.1.8 appVersion: "v0.27.0" maintainers: - name: ilyasabdellaoui @@ -9,7 +9,7 @@ maintainers: url: https://github.com/ilyasabdellaoui dependencies: - name: oauth2-proxy - version: 10.4.2 + version: 10.4.3 repository: https://oauth2-proxy.github.io/manifests alias: oidc condition: oidc.enabled diff --git a/charts/alertmanager/README.md b/charts/alertmanager/README.md index df89363c..4e7729e8 100644 --- a/charts/alertmanager/README.md +++ b/charts/alertmanager/README.md @@ -1,6 +1,6 @@ # alertmanager -![Version: 0.1.7](https://img.shields.io/badge/Version-0.1.7-informational?style=flat-square) ![AppVersion: v0.27.0](https://img.shields.io/badge/AppVersion-v0.27.0-informational?style=flat-square) +![Version: 0.1.8](https://img.shields.io/badge/Version-0.1.8-informational?style=flat-square) ![AppVersion: v0.27.0](https://img.shields.io/badge/AppVersion-v0.27.0-informational?style=flat-square) ---- 
@@ -17,7 +17,7 @@ | Repository | Name | Version | |------------|------|---------| -| https://oauth2-proxy.github.io/manifests | oidc(oauth2-proxy) | 10.4.2 | +| https://oauth2-proxy.github.io/manifests | oidc(oauth2-proxy) | 10.4.3 | ## Maintainers @@ -319,7 +319,7 @@ spec: source: repoURL: "https://edixos.github.io/ekp-helm" - targetRevision: "0.1.7" + targetRevision: "0.1.8" chart: alertmanager path: '' diff --git a/charts/alertmanager/charts/oauth2-proxy-10.4.2.tgz b/charts/alertmanager/charts/oauth2-proxy-10.4.2.tgz deleted file mode 100644 index 5b2c1b17..00000000 Binary files a/charts/alertmanager/charts/oauth2-proxy-10.4.2.tgz and /dev/null differ diff --git a/charts/alertmanager/charts/oauth2-proxy-10.4.3.tgz b/charts/alertmanager/charts/oauth2-proxy-10.4.3.tgz new file mode 100644 index 00000000..a7d6a2ac Binary files /dev/null and b/charts/alertmanager/charts/oauth2-proxy-10.4.3.tgz differ diff --git a/charts/argocd/Chart.lock b/charts/argocd/Chart.lock index f51e9089..d935eb54 100644 --- a/charts/argocd/Chart.lock +++ b/charts/argocd/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: argo-cd repository: https://argoproj.github.io/argo-helm - version: 9.4.17 -digest: sha256:17b40fe3d4fa0a137a99ee252e0e59fd58b952f4673422da0a65fd3a9bfb26b7 -generated: "2026-04-01T17:06:00.736260115Z" + version: 9.5.3 +digest: sha256:0b6683671719223dc6a3a117b868ed1c1d01e1e43ab26122c150c0b9df7cbdb5 +generated: "2026-04-22T11:08:44.129032203Z" diff --git a/charts/argocd/Chart.yaml b/charts/argocd/Chart.yaml index 1eb555b9..3a1479c9 100644 --- a/charts/argocd/Chart.yaml +++ b/charts/argocd/Chart.yaml @@ -2,11 +2,11 @@ apiVersion: v2 name: argocd description: A Helm chart for Kubernetes type: application -version: 0.1.13 -appVersion: "v3.3.6" +version: 0.1.14 +appVersion: "v3.3.8" dependencies: - name: argo-cd - version: 9.4.17 + version: 9.5.3 repository: "https://argoproj.github.io/argo-helm" alias: argocd maintainers: 
diff --git a/charts/argocd/README.md b/charts/argocd/README.md index 7ba3c20a..bf901a74 100644 --- a/charts/argocd/README.md +++ b/charts/argocd/README.md @@ -1,6 +1,6 @@ # argocd -![Version: 0.1.13](https://img.shields.io/badge/Version-0.1.13-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v3.3.6](https://img.shields.io/badge/AppVersion-v3.3.6-informational?style=flat-square) +![Version: 0.1.14](https://img.shields.io/badge/Version-0.1.14-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v3.3.8](https://img.shields.io/badge/AppVersion-v3.3.8-informational?style=flat-square) ## Prerequisites @@ -11,7 +11,7 @@ | Repository | Name | Version | |------------|------|---------| -| https://argoproj.github.io/argo-helm | argocd(argo-cd) | 9.4.17 | +| https://argoproj.github.io/argo-helm | argocd(argo-cd) | 9.5.3 | ## Maintainers 
@@ -135,6 +135,11 @@ A Helm chart for Kubernetes | argocd.applicationSet.terminationGracePeriodSeconds | int | `30` | terminationGracePeriodSeconds for container lifecycle hook | | argocd.applicationSet.tolerations | list | `[]` (defaults to global.tolerations) | [Tolerations] for use with node taints | | argocd.applicationSet.topologySpreadConstraints | list | `[]` (defaults to global.topologySpreadConstraints) | Assign custom [TopologySpreadConstraints] rules to the ApplicationSet controller # Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ # If labelSelector is left out, it will default to the labelSelector configuration of the deployment | +| argocd.applicationSet.vpa.annotations | object | `{}` | Annotations to be added to ApplicationSet controller vpa | +| argocd.applicationSet.vpa.containerPolicy | object | `{}` | Controls how VPA computes the recommended resources for ApplicationSet controller container # Ref: https://github.com/kubernetes/autoscaler/blob/master/vertical-pod-autoscaler/examples/hamster.yaml | +| argocd.applicationSet.vpa.enabled | bool | `false` | Deploy a [VerticalPodAutoscaler](https://kubernetes.io/docs/concepts/workloads/autoscaling/#scaling-workloads-vertically/) for the ApplicationSet controller | +| argocd.applicationSet.vpa.labels | object | `{}` | Labels to be added to ApplicationSet controller vpa | +| argocd.applicationSet.vpa.updateMode | string | `"Initial"` | One of the VPA operation modes # Ref: https://kubernetes.io/docs/concepts/workloads/autoscaling/#scaling-workloads-vertically # Note: Recreate update mode requires more than one replica unless the min-replicas VPA controller flag is overridden | | argocd.commitServer.affinity | object | `{}` (defaults to global.affinity preset) | Assign custom [affinity] rules | | argocd.commitServer.automountServiceAccountToken | bool | `false` | Automount API credentials for the Service Account into the pod. 
| | argocd.commitServer.containerSecurityContext | object | See [values.yaml] | commit server container-level security context | 
@@ -189,6 +194,11 @@ A Helm chart for Kubernetes | argocd.commitServer.terminationGracePeriodSeconds | int | `30` | terminationGracePeriodSeconds for container lifecycle hook | | argocd.commitServer.tolerations | list | `[]` (defaults to global.tolerations) | [Tolerations] for use with node taints | | argocd.commitServer.topologySpreadConstraints | list | `[]` (defaults to global.topologySpreadConstraints) | Assign custom [TopologySpreadConstraints] rules to the commit server # Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ # If labelSelector is left out, it will default to the labelSelector configuration of the deployment | +| argocd.commitServer.vpa.annotations | object | `{}` | Annotations to be added to commit server vpa | +| argocd.commitServer.vpa.containerPolicy | object | `{}` | Controls how VPA computes the recommended resources for commit server container # Ref: https://github.com/kubernetes/autoscaler/blob/master/vertical-pod-autoscaler/examples/hamster.yaml | +| argocd.commitServer.vpa.enabled | bool | `false` | Deploy a [VerticalPodAutoscaler](https://kubernetes.io/docs/concepts/workloads/autoscaling/#scaling-workloads-vertically/) for the commit server | +| argocd.commitServer.vpa.labels | object | `{}` | Labels to be added to commit server vpa | +| argocd.commitServer.vpa.updateMode | string | `"Initial"` | One of the VPA operation modes # Ref: https://kubernetes.io/docs/concepts/workloads/autoscaling/#scaling-workloads-vertically # Note: Recreate update mode requires more than one replica unless the min-replicas VPA controller flag is overridden | | argocd.configs.clusterCredentials | object | `{}` (See [values.yaml]) | Provide one or multiple [external cluster credentials] # Ref: # - https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup/#clusters # - https://argo-cd.readthedocs.io/en/stable/operator-manual/security/#external-cluster-credentials # - 
https://argo-cd.readthedocs.io/en/stable/user-guide/projects/#project-scoped-repositories-and-clusters | | argocd.configs.cm."admin.enabled" | bool | `true` | Enable local admin user # Ref: https://argo-cd.readthedocs.io/en/latest/faq/#how-to-disable-admin-user | | argocd.configs.cm."application.instanceLabelKey" | string | `"argocd.argoproj.io/instance"` | The name of tracking label used by Argo CD for resource pruning | 
@@ -433,6 +443,11 @@ A Helm chart for Kubernetes | argocd.dex.topologySpreadConstraints | list | `[]` (defaults to global.topologySpreadConstraints) | Assign custom [TopologySpreadConstraints] rules to dex # Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/ # If labelSelector is left out, it will default to the labelSelector configuration of the deployment | | argocd.dex.volumeMounts | list | `[]` | Additional volumeMounts to the dex main container | | argocd.dex.volumes | list | `[]` | Additional volumes to the dex pod | +| argocd.dex.vpa.annotations | object | `{}` | Annotations to be added to Dex server vpa | +| argocd.dex.vpa.containerPolicy | object | `{}` | Controls how VPA computes the recommended resources for Dex server container # Ref: https://github.com/kubernetes/autoscaler/blob/master/vertical-pod-autoscaler/examples/hamster.yaml | +| argocd.dex.vpa.enabled | bool | `false` | Deploy a [VerticalPodAutoscaler](https://kubernetes.io/docs/concepts/workloads/autoscaling/#scaling-workloads-vertically/) for the Dex server | +| argocd.dex.vpa.labels | object | `{}` | Labels to be added to Dex server vpa | +| argocd.dex.vpa.updateMode | string | `"Initial"` | One of the VPA operation modes # Ref: https://kubernetes.io/docs/concepts/workloads/autoscaling/#scaling-workloads-vertically # Note: Recreate update mode requires more than one replica unless the min-replicas VPA controller flag is overridden | | argocd.externalRedis.existingSecret | string | `""` | The name of an existing secret with Redis (must contain key `redis-password`. And should contain `redis-username` if username is not `default`) and Sentinel credentials. When it's set, the `externalRedis.username` and `externalRedis.password` parameters are ignored | | argocd.externalRedis.host | string | `""` | External Redis server host | | argocd.externalRedis.password | string | `""` | External Redis password | 
@@ -562,6 +577,11 @@ A Helm chart for Kubernetes | argocd.notifications.tolerations | list | `[]` (defaults to global.tolerations) | [Tolerations] for use with node taints | | argocd.notifications.topologySpreadConstraints | list | `[]` (defaults to global.topologySpreadConstraints) | Assign custom [TopologySpreadConstraints] rules to the application controller # Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/ # If labelSelector is left out, it will default to the labelSelector configuration of the deployment | | argocd.notifications.triggers | object | `{}` | The trigger defines the condition when the notification should be sent # For more information: https://argo-cd.readthedocs.io/en/stable/operator-manual/notifications/triggers/ | +| argocd.notifications.vpa.annotations | object | `{}` | Annotations to be added to notifications controller vpa | +| argocd.notifications.vpa.containerPolicy | object | `{}` | Controls how VPA computes the recommended resources for notifications controller container # Ref: https://github.com/kubernetes/autoscaler/blob/master/vertical-pod-autoscaler/examples/hamster.yaml | +| argocd.notifications.vpa.enabled | bool | `false` | Deploy a [VerticalPodAutoscaler](https://kubernetes.io/docs/concepts/workloads/autoscaling/#scaling-workloads-vertically/) for the notifications controller | +| argocd.notifications.vpa.labels | object | `{}` | Labels to be added to notifications controller vpa | +| argocd.notifications.vpa.updateMode | string | `"Initial"` | One of the VPA operation modes # Ref: https://kubernetes.io/docs/concepts/workloads/autoscaling/#scaling-workloads-vertically # Note: Recreate update mode requires more than one replica unless the min-replicas VPA controller flag is overridden | | argocd.openshift.enabled | bool | `false` | enables using arbitrary uid for argo repo server | | argocd.redis-ha.additionalAffinities | object | `{}` | Additional affinities to add to the Redis server 
pods. | | argocd.redis-ha.affinity | string | `""` | Assign custom [affinity] rules to the Redis pods. | @@ -688,6 +708,11 @@ A Helm chart for Kubernetes | argocd.redis.topologySpreadConstraints | list | `[]` (defaults to global.topologySpreadConstraints) | Assign custom [TopologySpreadConstraints] rules to redis # Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/ # If labelSelector is left out, it will default to the labelSelector configuration of the deployment | | argocd.redis.volumeMounts | list | `[]` | Additional volumeMounts to the redis container | | argocd.redis.volumes | list | `[]` | Additional volumes to the redis pod | +| argocd.redis.vpa.annotations | object | `{}` | Annotations to be added to Redis vpa | +| argocd.redis.vpa.containerPolicy | object | `{}` | Controls how VPA computes the recommended resources for Redis container # Ref: https://github.com/kubernetes/autoscaler/blob/master/vertical-pod-autoscaler/examples/hamster.yaml | +| argocd.redis.vpa.enabled | bool | `false` | Deploy a [VerticalPodAutoscaler](https://kubernetes.io/docs/concepts/workloads/autoscaling/#scaling-workloads-vertically/) for the Redis | +| argocd.redis.vpa.labels | object | `{}` | Labels to be added to Redis vpa | +| argocd.redis.vpa.updateMode | string | `"Initial"` | One of the VPA operation modes # Ref: https://kubernetes.io/docs/concepts/workloads/autoscaling/#scaling-workloads-vertically # Note: Recreate update mode requires more than one replica unless the min-replicas VPA controller flag is overridden | | argocd.redisSecretInit.affinity | object | `{}` | Assign custom [affinity] rules to the Redis secret-init Job | | argocd.redisSecretInit.containerSecurityContext | object | See [values.yaml] | Application controller container-level security context | | argocd.redisSecretInit.enabled | bool | `true` | Enable Redis secret initialization. If disabled, secret must be provisioned by alternative methods | 
@@ -730,6 +755,7 @@ A Helm chart for Kubernetes | argocd.repoServer.containerPorts.metrics | int | `8084` | Metrics container port | | argocd.repoServer.containerPorts.server | int | `8081` | Repo server container port | | argocd.repoServer.containerSecurityContext | object | See [values.yaml] | Repo server container-level security context | +| argocd.repoServer.copyutil.extraArgs | string | `"--update=none"` | Extra arguments for the cp command in the repo server copyutil initContainer | | argocd.repoServer.copyutil.resources | object | `{}` | Resource limits and requests for the repo server copyutil initContainer | | argocd.repoServer.deploymentAnnotations | object | `{}` | Annotations to be added to repo server Deployment | | argocd.repoServer.deploymentLabels | object | `{}` | Labels for the repo server Deployment | 
@@ -811,6 +837,11 @@ A Helm chart for Kubernetes | argocd.repoServer.useEphemeralHelmWorkingDir | bool | `true` | Toggle the usage of a ephemeral Helm working directory | | argocd.repoServer.volumeMounts | list | `[]` | Additional volumeMounts to the repo server main container | | argocd.repoServer.volumes | list | `[]` | Additional volumes to the repo server pod | +| argocd.repoServer.vpa.annotations | object | `{}` | Annotations to be added to repo server vpa | +| argocd.repoServer.vpa.containerPolicy | object | `{}` | Controls how VPA computes the recommended resources for repo server container # Ref: https://github.com/kubernetes/autoscaler/blob/master/vertical-pod-autoscaler/examples/hamster.yaml | +| argocd.repoServer.vpa.enabled | bool | `false` | Deploy a [VerticalPodAutoscaler](https://kubernetes.io/docs/concepts/workloads/autoscaling/#scaling-workloads-vertically/) for the repo server | +| argocd.repoServer.vpa.labels | object | `{}` | Labels to be added to repo server vpa | +| argocd.repoServer.vpa.updateMode | string | `"Initial"` | One of the VPA operation modes # Ref: https://kubernetes.io/docs/concepts/workloads/autoscaling/#scaling-workloads-vertically # Note: Recreate update mode requires more than one replica unless the min-replicas VPA controller flag is overridden | | argocd.server.affinity | object | `{}` (defaults to global.affinity preset) | Assign custom [affinity] rules to the deployment | | argocd.server.automountServiceAccountToken | bool | `true` | Automount API credentials for the Service Account into the pod. | | argocd.server.autoscaling.behavior | object | `{}` | Configures the scaling behavior of the target in both Up and Down directions. | 
@@ -863,7 +894,7 @@ A Helm chart for Kubernetes | argocd.server.extensions.extensionList | list | `[]` (See [values.yaml]) | Extensions for Argo CD # Ref: https://github.com/argoproj-labs/argocd-extension-metrics#install-ui-extension | | argocd.server.extensions.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Image pull policy for extensions | | argocd.server.extensions.image.repository | string | `"quay.io/argoprojlabs/argocd-extension-installer"` | Repository to use for extension installer image | -| argocd.server.extensions.image.tag | string | `"v0.0.9"` | Tag to use for extension installer image | +| argocd.server.extensions.image.tag | string | `"v1.0.0"` | Tag to use for extension installer image | | argocd.server.extensions.resources | object | `{}` | Resource limits and requests for the argocd-extensions container | | argocd.server.extraArgs | list | `[]` | Additional command line arguments to pass to Argo CD server | | argocd.server.extraContainers | list | `[]` | Additional containers to be added to the server pod # Note: Supports use of custom Helm templates | 
@@ -994,6 +1025,11 @@ A Helm chart for Kubernetes | argocd.server.topologySpreadConstraints | list | `[]` (defaults to global.topologySpreadConstraints) | Assign custom [TopologySpreadConstraints] rules to the Argo CD server # Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/ # If labelSelector is left out, it will default to the labelSelector configuration of the deployment | | argocd.server.volumeMounts | list | `[]` | Additional volumeMounts to the server main container | | argocd.server.volumes | list | `[]` | Additional volumes to the server pod | +| argocd.server.vpa.annotations | object | `{}` | Annotations to be added to Argo CD server vpa | +| argocd.server.vpa.containerPolicy | object | `{}` | Controls how VPA computes the recommended resources for Argo CD server container # Ref: https://github.com/kubernetes/autoscaler/blob/master/vertical-pod-autoscaler/examples/hamster.yaml | +| argocd.server.vpa.enabled | bool | `false` | Deploy a [VerticalPodAutoscaler](https://kubernetes.io/docs/concepts/workloads/autoscaling/#scaling-workloads-vertically/) for the Argo CD server | +| argocd.server.vpa.labels | object | `{}` | Labels to be added to Argo CD server vpa | +| argocd.server.vpa.updateMode | string | `"Initial"` | One of the VPA operation modes # Ref: https://kubernetes.io/docs/concepts/workloads/autoscaling/#scaling-workloads-vertically # Note: Recreate update mode requires more than one replica unless the min-replicas VPA controller flag is overridden | | prometheus.enabled | bool | `false` | Enables Prometheus Operator monitoring | | prometheus.grafanaDashboard.enabled | bool | `true` | Add grafana dashboard as a configmap | | prometheus.grafanaDashboard.label | object | `{"grafana_dashboard":"1"}` | label to apply to the config map. Used by Grafana sidecar to automatically install the dashboard | 
@@ -1026,7 +1062,7 @@ spec: source: repoURL: "https://edixos.github.io/ekp-helm" - targetRevision: "0.1.13" + targetRevision: "0.1.14" chart: argocd path: '' helm: diff --git a/charts/argocd/charts/argo-cd-9.4.17.tgz b/charts/argocd/charts/argo-cd-9.4.17.tgz deleted file mode 100644 index cf25af14..00000000 Binary files a/charts/argocd/charts/argo-cd-9.4.17.tgz and /dev/null differ diff --git a/charts/argocd/charts/argo-cd-9.5.3.tgz b/charts/argocd/charts/argo-cd-9.5.3.tgz new file mode 100644 index 00000000..1502cbea Binary files /dev/null and b/charts/argocd/charts/argo-cd-9.5.3.tgz differ diff --git a/charts/argocd/values.yaml b/charts/argocd/values.yaml index 63eb8fd3..e3cc8035 100644 --- a/charts/argocd/values.yaml +++ b/charts/argocd/values.yaml @@ -195,7 +195,6 @@ argocd: # - key: bundle.pem # path: ca-certificates.crt - # -- Extra volume mounts to add to all deployed Deployments and StatefulSets extraVolumeMounts: [] # Example of adding a custom CA bundle mount: @@ -446,7 +445,6 @@ argocd: - ClusterBackgroundScanReport - UpdateRequest - # Argo CD configuration parameters ## Ref: https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/argocd-cmd-params-cm.yaml params: @@ -474,11 +472,11 @@ argocd: # -- The name of the default role which Argo CD will falls back to, when authorizing API requests (optional). # If omitted or empty, users may be still be able to login, but will see no apps, projects, etc... - policy.default: '' + policy.default: "" # -- File containing user-defined policies and role definitions. # @default -- `''` (See [values.yaml]) - policy.csv: '' + policy.csv: "" # Policy rules are in the form: # p, subject, resource, action, object, effect # Role definitions and bindings are in the form: 
@@ -541,7 +539,7 @@ argocd: vs-ssh.visualstudio.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7Hr1oTWqNqOlzGJOfGJ4NakVyIzf1rXYd4d7wo6jBlkLvCA4odBlL0mDUyZ0/QUfTTqeu+tm22gOsv+VrVTMk6vwRU75gY/y9ut5Mb3bR5BV58dKXyq9A9UeB5Cakehn5Zgm6x1mKoVyf+FFn26iYqXJRgzIZZcZ5V6hrE0Qg39kZm4az48o0AUbf6Sp4SLdvnuMa2sVNwHBboS7EJkm57XQPVU3/QpyNLHbWDdzwtrlS+ez30S3AdYhLKEOxAG8weOnyrtLJAUen9mTkol8oII1edf7mWWbWVf0nBmly21+nZcmCTISQBtdcyPaEno7fFQMDD26/s0lfKob4Kw8H # -- Additional known hosts for private repositories - extraHosts: '' + extraHosts: "" # Repository TLS certificates # Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup/#repositories-using-self-signed-tls-certificates-or-are-signed-by-custom-ca @@ -728,8 +726,7 @@ argocd: ## Custom secrets. Useful for injecting SSO secrets into environment variables. ## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/user-management/#sensitive-data-and-sso-client-secrets ## Note that all values must be non-empty. - extra: - {} + extra: {} # LDAP_PASSWORD: "mypassword" # -- Bcrypt hashed admin password @@ -849,7 +846,6 @@ argocd: # cpu: 1 # memory: 1Gi - ## Application controller image image: # -- Repository to use for the application controller @@ -969,7 +965,7 @@ argocd: type: RuntimeDefault capabilities: drop: - - ALL + - ALL # Readiness probe for application controller ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ 
@@ -1203,6 +1199,30 @@ argocd: ## Has higher precedence over `dex.pdb.minAvailable` maxUnavailable: "" + ## Dex Vertical Pod Autoscaler + ## Ref: https://kubernetes.io/docs/concepts/workloads/autoscaling/#scaling-workloads-vertically/ + vpa: + # -- Deploy a [VerticalPodAutoscaler](https://kubernetes.io/docs/concepts/workloads/autoscaling/#scaling-workloads-vertically/) for the Dex server + enabled: false + # -- Labels to be added to Dex server vpa + labels: {} + # -- Annotations to be added to Dex server vpa + annotations: {} + # -- One of the VPA operation modes + ## Ref: https://kubernetes.io/docs/concepts/workloads/autoscaling/#scaling-workloads-vertically + ## Note: Recreate update mode requires more than one replica unless the min-replicas VPA controller flag is overridden + updateMode: Initial + # -- Controls how VPA computes the recommended resources for Dex server container + ## Ref: https://github.com/kubernetes/autoscaler/blob/master/vertical-pod-autoscaler/examples/hamster.yaml + containerPolicy: {} + # controlledResources: ["cpu", "memory"] + # minAllowed: + # cpu: 250m + # memory: 256Mi + # maxAllowed: + # cpu: 1 + # memory: 1Gi + ## Dex image image: # -- Dex image repository @@ -1281,11 +1301,11 @@ argocd: # -- Annotations to be added to argocd-dex-server-tls secret annotations: {} # -- Certificate authority. Required for self-signed certificates. - ca: '' + ca: "" # -- Certificate private key - key: '' + key: "" # -- Certificate data. Must contain SANs of Dex service (ie: argocd-dex-server, argocd-dex-server.argo-cd.svc) - crt: '' + crt: "" # -- Annotations to be added to the Dex server Deployment deploymentAnnotations: {} @@ -1334,7 +1354,7 @@ argocd: type: RuntimeDefault capabilities: drop: - - ALL + - ALL ## Probes for Dex server ## Supported from Dex >= 2.28.0 
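Review bot: The new Dex `vpa:` block defaults to `containerPolicy: {}` and offers `minAllowed`/`maxAllowed` only as commented-out examples, so setting `enabled: true` with no other change would presumably create a VerticalPodAutoscaler with no chart-level bounds on the container's resources. The same block is added for Redis, the Argo CD server, the repo server, the ApplicationSet controller, the notifications controller and the commit server in the later hunks, so the point applies to all seven. I would add a line under `containerPolicy` such as `# NOTE: set minAllowed/maxAllowed before enabling; an empty policy leaves recommendations bounded only by cluster-level settings`. The header comment's Ref URL ends in `#scaling-workloads-vertically/`, and the trailing slash after the fragment probably breaks the anchor; the `updateMode` comment uses the same URL without it. The templates that consume these values are not in this diff, so how a cluster without the VPA CRD is handled cannot be checked here.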
@@ -1478,6 +1498,30 @@ argocd: ## Has higher precedence over `redis.pdb.minAvailable` maxUnavailable: "" + ## Redis Vertical Pod Autoscaler + ## Ref: https://kubernetes.io/docs/concepts/workloads/autoscaling/#scaling-workloads-vertically/ + vpa: + # -- Deploy a [VerticalPodAutoscaler](https://kubernetes.io/docs/concepts/workloads/autoscaling/#scaling-workloads-vertically/) for the Redis + enabled: false + # -- Labels to be added to Redis vpa + labels: {} + # -- Annotations to be added to Redis vpa + annotations: {} + # -- One of the VPA operation modes + ## Ref: https://kubernetes.io/docs/concepts/workloads/autoscaling/#scaling-workloads-vertically + ## Note: Recreate update mode requires more than one replica unless the min-replicas VPA controller flag is overridden + updateMode: Initial + # -- Controls how VPA computes the recommended resources for Redis container + ## Ref: https://github.com/kubernetes/autoscaler/blob/master/vertical-pod-autoscaler/examples/hamster.yaml + containerPolicy: {} + # controlledResources: ["cpu", "memory"] + # minAllowed: + # cpu: 250m + # memory: 256Mi + # maxAllowed: + # cpu: 1 + # memory: 1Gi + ## Redis image image: # -- Redis repository @@ -1515,7 +1559,7 @@ argocd: type: RuntimeDefault capabilities: drop: - - ALL + - ALL ## Probes for Redis exporter (optional) ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ @@ -1666,7 +1710,7 @@ argocd: allowPrivilegeEscalation: false capabilities: drop: - - ALL + - ALL # -- Redis service port servicePort: 6379 
@@ -2026,6 +2070,30 @@ argocd: ## Has higher precedence over `server.pdb.minAvailable` maxUnavailable: "" + ## Argo CD server Vertical Pod Autoscaler + ## Ref: https://kubernetes.io/docs/concepts/workloads/autoscaling/#scaling-workloads-vertically/ + vpa: + # -- Deploy a [VerticalPodAutoscaler](https://kubernetes.io/docs/concepts/workloads/autoscaling/#scaling-workloads-vertically/) for the Argo CD server + enabled: false + # -- Labels to be added to Argo CD server vpa + labels: {} + # -- Annotations to be added to Argo CD server vpa + annotations: {} + # -- One of the VPA operation modes + ## Ref: https://kubernetes.io/docs/concepts/workloads/autoscaling/#scaling-workloads-vertically + ## Note: Recreate update mode requires more than one replica unless the min-replicas VPA controller flag is overridden + updateMode: Initial + # -- Controls how VPA computes the recommended resources for Argo CD server container + ## Ref: https://github.com/kubernetes/autoscaler/blob/master/vertical-pod-autoscaler/examples/hamster.yaml + containerPolicy: {} + # controlledResources: ["cpu", "memory"] + # minAllowed: + # cpu: 250m + # memory: 256Mi + # maxAllowed: + # cpu: 1 + # memory: 1Gi + ## Argo CD server image image: # -- Repository to use for the Argo CD server @@ -2073,7 +2141,7 @@ argocd: # -- Repository to use for extension installer image repository: "quay.io/argoprojlabs/argocd-extension-installer" # -- Tag to use for extension installer image - tag: "v0.0.9" + tag: "v1.0.0" # -- Image pull policy for extensions # @default -- `""` (defaults to global.image.imagePullPolicy) imagePullPolicy: "" @@ -2100,7 +2168,7 @@ argocd: type: RuntimeDefault capabilities: drop: - - ALL + - ALL # -- Resource limits and requests for the argocd-extensions container resources: {} 
@@ -2215,7 +2283,7 @@ argocd: type: RuntimeDefault capabilities: drop: - - ALL + - ALL ## Readiness and liveness probes for default backend ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ @@ -2337,9 +2405,9 @@ argocd: # -- Labels to be added to argocd-server-tls secret labels: {} # -- Private Key of the certificate - key: '' + key: "" # -- Certificate data - crt: '' + crt: "" ## Server service configuration service: @@ -2816,6 +2884,30 @@ argocd: ## Has higher precedence over `repoServer.pdb.minAvailable` maxUnavailable: "" + ## Repo server Vertical Pod Autoscaler + ## Ref: https://kubernetes.io/docs/concepts/workloads/autoscaling/#scaling-workloads-vertically/ + vpa: + # -- Deploy a [VerticalPodAutoscaler](https://kubernetes.io/docs/concepts/workloads/autoscaling/#scaling-workloads-vertically/) for the repo server + enabled: false + # -- Labels to be added to repo server vpa + labels: {} + # -- Annotations to be added to repo server vpa + annotations: {} + # -- One of the VPA operation modes + ## Ref: https://kubernetes.io/docs/concepts/workloads/autoscaling/#scaling-workloads-vertically + ## Note: Recreate update mode requires more than one replica unless the min-replicas VPA controller flag is overridden + updateMode: Initial + # -- Controls how VPA computes the recommended resources for repo server container + ## Ref: https://github.com/kubernetes/autoscaler/blob/master/vertical-pod-autoscaler/examples/hamster.yaml + containerPolicy: {} + # controlledResources: ["cpu", "memory"] + # minAllowed: + # cpu: 250m + # memory: 256Mi + # maxAllowed: + # cpu: 1 + # memory: 1Gi + ## Repo server image image: # -- Repository to use for the repo server 
@@ -2898,6 +2990,9 @@ argocd: initContainers: [] copyutil: + # -- Extra arguments for the cp command in the repo server copyutil initContainer + # @default -- `"--update=none"` + extraArgs: "--update=none" # -- Resource limits and requests for the repo server copyutil initContainer resources: {} # limits: @@ -2992,7 +3087,7 @@ argocd: type: RuntimeDefault capabilities: drop: - - ALL + - ALL ## Readiness and liveness probes for Repo Server ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ @@ -3070,11 +3165,11 @@ argocd: # -- Labels to be added to argocd-repo-server-tls secret labels: {} # -- Certificate authority. Required for self-signed certificates. - ca: '' + ca: "" # -- Certificate private key - key: '' + key: "" # -- Certificate data. Must contain SANs of Repo service (ie: argocd-repo-server, argocd-repo-server.argo-cd.svc) - crt: '' + crt: "" ## Repo server service configuration service: 
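Review bot: `copyutil.extraArgs` is added as a single string (`"--update=none"`), while the chart's other `extraArgs` values, such as `argocd.server.extraArgs` in the README table, are lists. A free-form string spliced onto the initContainer's `cp` command line is harder to validate than a list, and if the template runs it through a shell it is word-split and expanded there. The template is not in this diff, so that needs confirming. The comment should also say what the default does, for example `# --update=none keeps an existing destination file, so a stale copy on a non-ephemeral volume is not replaced` and `# needs a cp that understands --update=none (GNU coreutils 9.3+; verify against the image)`. The `copyutil:` mapping continues past the end of this hunk.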
@@ -3205,6 +3300,30 @@ argocd: ## Has higher precedence over `applicationSet.pdb.minAvailable` maxUnavailable: "" + ## ApplicationSet controller Vertical Pod Autoscaler + ## Ref: https://kubernetes.io/docs/concepts/workloads/autoscaling/#scaling-workloads-vertically/ + vpa: + # -- Deploy a [VerticalPodAutoscaler](https://kubernetes.io/docs/concepts/workloads/autoscaling/#scaling-workloads-vertically/) for the ApplicationSet controller + enabled: false + # -- Labels to be added to ApplicationSet controller vpa + labels: {} + # -- Annotations to be added to ApplicationSet controller vpa + annotations: {} + # -- One of the VPA operation modes + ## Ref: https://kubernetes.io/docs/concepts/workloads/autoscaling/#scaling-workloads-vertically + ## Note: Recreate update mode requires more than one replica unless the min-replicas VPA controller flag is overridden + updateMode: Initial + # -- Controls how VPA computes the recommended resources for ApplicationSet controller container + ## Ref: https://github.com/kubernetes/autoscaler/blob/master/vertical-pod-autoscaler/examples/hamster.yaml + containerPolicy: {} + # controlledResources: ["cpu", "memory"] + # minAllowed: + # cpu: 250m + # memory: 256Mi + # maxAllowed: + # cpu: 1 + # memory: 1Gi + ## ApplicationSet controller image image: # -- Repository to use for the ApplicationSet controller @@ -3376,7 +3495,7 @@ argocd: type: RuntimeDefault capabilities: drop: - - ALL + - ALL ## Probes for ApplicationSet controller (optional) ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ 
@@ -3588,6 +3707,30 @@ argocd: ## Has higher precedence over `notifications.pdb.minAvailable` maxUnavailable: "" + ## Notifications controller Vertical Pod Autoscaler + ## Ref: https://kubernetes.io/docs/concepts/workloads/autoscaling/#scaling-workloads-vertically/ + vpa: + # -- Deploy a [VerticalPodAutoscaler](https://kubernetes.io/docs/concepts/workloads/autoscaling/#scaling-workloads-vertically/) for the notifications controller + enabled: false + # -- Labels to be added to notifications controller vpa + labels: {} + # -- Annotations to be added to notifications controller vpa + annotations: {} + # -- One of the VPA operation modes + ## Ref: https://kubernetes.io/docs/concepts/workloads/autoscaling/#scaling-workloads-vertically + ## Note: Recreate update mode requires more than one replica unless the min-replicas VPA controller flag is overridden + updateMode: Initial + # -- Controls how VPA computes the recommended resources for notifications controller container + ## Ref: https://github.com/kubernetes/autoscaler/blob/master/vertical-pod-autoscaler/examples/hamster.yaml + containerPolicy: {} + # controlledResources: ["cpu", "memory"] + # minAllowed: + # cpu: 250m + # memory: 256Mi + # maxAllowed: + # cpu: 1 + # memory: 1Gi + ## Notifications controller image image: # -- Repository to use for the notifications controller @@ -3674,7 +3817,7 @@ argocd: # email-username: # email-password: - # For more information: https://argo-cd.readthedocs.io/en/stable/operator-manual/notifications/services/email/ + # For more information: https://argo-cd.readthedocs.io/en/stable/operator-manual/notifications/services/email/ metrics: # -- Enables prometheus metrics server @@ -3764,7 +3907,7 @@ argocd: type: RuntimeDefault capabilities: drop: - - ALL + - ALL ## Probes for notifications controller Pods (optional) ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ 
@@ -4253,7 +4396,7 @@ argocd: allowPrivilegeEscalation: false capabilities: drop: - - ALL + - ALL seccompProfile: type: RuntimeDefault @@ -4323,4 +4466,28 @@ argocd: # -- Default network policy rules used by commit server # @default -- `false` (defaults to global.networkPolicy.create) create: false + + ## Commit server Vertical Pod Autoscaler + ## Ref: https://kubernetes.io/docs/concepts/workloads/autoscaling/#scaling-workloads-vertically/ + vpa: + # -- Deploy a [VerticalPodAutoscaler](https://kubernetes.io/docs/concepts/workloads/autoscaling/#scaling-workloads-vertically/) for the commit server + enabled: false + # -- Labels to be added to commit server vpa + labels: {} + # -- Annotations to be added to commit server vpa + annotations: {} + # -- One of the VPA operation modes + ## Ref: https://kubernetes.io/docs/concepts/workloads/autoscaling/#scaling-workloads-vertically + ## Note: Recreate update mode requires more than one replica unless the min-replicas VPA controller flag is overridden + updateMode: Initial + # -- Controls how VPA computes the recommended resources for commit server container + ## Ref: https://github.com/kubernetes/autoscaler/blob/master/vertical-pod-autoscaler/examples/hamster.yaml + containerPolicy: {} + # controlledResources: ["cpu", "memory"] + # minAllowed: + # cpu: 250m + # memory: 256Mi + # maxAllowed: + # cpu: 1 + # memory: 1Gi securityPolicies: {} diff --git a/charts/cert-manager/Chart.lock b/charts/cert-manager/Chart.lock index a0cc57fa..19008a79 100644 --- a/charts/cert-manager/Chart.lock +++ b/charts/cert-manager/Chart.lock 
@@ -1,12 +1,12 @@ dependencies: - name: cert-manager repository: https://charts.jetstack.io - version: v1.20.1 + version: v1.20.2 - name: gcp-workload-identity repository: https://edixos.github.io/ekp-helm version: 0.1.1 - name: gcp-iam-policy-members repository: https://edixos.github.io/ekp-helm version: 0.1.2 -digest: sha256:d12930a0be4aa748ffabc8f2a3d0744218b5bd8fbfa6867d8a52cac44c36fe36 -generated: "2026-04-01T17:06:11.949880136Z" +digest: sha256:654a221b4eb73f48a2c4e3a5188427b4e85dc39e0828160e5d944eccb13f5cee +generated: "2026-04-22T11:08:55.347582029Z" diff --git a/charts/cert-manager/Chart.yaml b/charts/cert-manager/Chart.yaml index b816b515..08dec6c5 100644 --- a/charts/cert-manager/Chart.yaml +++ b/charts/cert-manager/Chart.yaml @@ -2,8 +2,8 @@ apiVersion: v2 name: cert-manager description: A Helm chart for cert-manager type: application -version: 0.1.8 -appVersion: "v1.20.1" +version: 0.1.9 +appVersion: "v1.20.2" maintainers: - name: wiemaouadi email: wiem.aouadi3@gmail.com @@ -13,7 +13,7 @@ maintainers: url: https://github.com/smileisak dependencies: - name: cert-manager - version: "v1.20.1" + version: "v1.20.2" repository: "https://charts.jetstack.io" alias: certmanager - name: gcp-workload-identity diff --git a/charts/cert-manager/README.md b/charts/cert-manager/README.md index 85154d2f..bde4dd74 100644 --- a/charts/cert-manager/README.md +++ b/charts/cert-manager/README.md 
@@ -1,6 +1,6 @@ # cert-manager -![Version: 0.1.8](https://img.shields.io/badge/Version-0.1.8-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v1.20.1](https://img.shields.io/badge/AppVersion-v1.20.1-informational?style=flat-square) +![Version: 0.1.9](https://img.shields.io/badge/Version-0.1.9-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v1.20.2](https://img.shields.io/badge/AppVersion-v1.20.2-informational?style=flat-square) ## Prerequisites @@ -11,7 +11,7 @@ | Repository | Name | Version | |------------|------|---------| -| https://charts.jetstack.io | certmanager(cert-manager) | v1.20.1 | +| https://charts.jetstack.io | certmanager(cert-manager) | v1.20.2 | | https://edixos.github.io/ekp-helm | iamPolicyMembers(gcp-iam-policy-members) | 0.1.2 | | https://edixos.github.io/ekp-helm | workloadIdentity(gcp-workload-identity) | 0.1.1 | @@ -317,7 +317,7 @@ spec: source: repoURL: "https://edixos.github.io/ekp-helm" - targetRevision: "0.1.8" + targetRevision: "0.1.9" chart: cert-manager path: '' helm: diff --git a/charts/cert-manager/charts/cert-manager-v1.20.1.tgz b/charts/cert-manager/charts/cert-manager-v1.20.1.tgz deleted file mode 100644 index e08f656a..00000000 Binary files a/charts/cert-manager/charts/cert-manager-v1.20.1.tgz and /dev/null differ diff --git a/charts/cert-manager/charts/cert-manager-v1.20.2.tgz b/charts/cert-manager/charts/cert-manager-v1.20.2.tgz new file mode 100644 index 00000000..92e057ac Binary files /dev/null and b/charts/cert-manager/charts/cert-manager-v1.20.2.tgz differ diff --git a/charts/cilium/Chart.lock b/charts/cilium/Chart.lock index 2bfb4001..fc4df37d 100644 --- a/charts/cilium/Chart.lock +++ b/charts/cilium/Chart.lock 
@@ -1,6 +1,6 @@ dependencies: - name: cilium repository: https://helm.cilium.io/ - version: 1.19.2 -digest: sha256:543b515a5715b53a20f4de4e6a8a871a444b26bb9039a22bba53ed3d35728ae6 -generated: "2026-04-01T17:06:27.473577918Z" + version: 1.19.3 +digest: sha256:f6281379c1f40dd1b243c6dd14fc4c74508d435db5e92d0851d152efb2cba545 +generated: "2026-04-22T11:09:10.836013894Z" diff --git a/charts/cilium/Chart.yaml b/charts/cilium/Chart.yaml index 29736d66..c051c05d 100644 --- a/charts/cilium/Chart.yaml +++ b/charts/cilium/Chart.yaml @@ -2,11 +2,11 @@ apiVersion: v2 name: cilium description: A Helm chart for Kubernetes type: application -version: 0.1.1 -appVersion: "1.19.2" +version: 0.1.2 +appVersion: "1.19.3" dependencies: - name: cilium - version: 1.19.2 + version: 1.19.3 repository: https://helm.cilium.io/ condition: cilium.enabled maintainers: diff --git a/charts/cilium/README.md b/charts/cilium/README.md index ee91145e..43e1c8cd 100644 --- a/charts/cilium/README.md +++ b/charts/cilium/README.md @@ -1,6 +1,6 @@ # cilium -![Version: 0.1.1](https://img.shields.io/badge/Version-0.1.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.19.2](https://img.shields.io/badge/AppVersion-1.19.2-informational?style=flat-square) +![Version: 0.1.2](https://img.shields.io/badge/Version-0.1.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.19.3](https://img.shields.io/badge/AppVersion-1.19.3-informational?style=flat-square) ## Prerequisites @@ -11,7 +11,7 @@ | Repository | Name | Version | |------------|------|---------| -| https://helm.cilium.io/ | cilium | 1.19.2 | +| https://helm.cilium.io/ | cilium | 1.19.3 | ## Maintainers 
@@ -63,7 +63,7 @@ A Helm chart for Kubernetes | cilium.authentication.mutual.spire.install.agent.tolerations | list | `[{"effect":"NoSchedule","key":"node.kubernetes.io/not-ready"},{"effect":"NoSchedule","key":"node-role.kubernetes.io/master"},{"effect":"NoSchedule","key":"node-role.kubernetes.io/control-plane"},{"effect":"NoSchedule","key":"node.cloudprovider.kubernetes.io/uninitialized","value":"true"},{"key":"CriticalAddonsOnly","operator":"Exists"}]` | SPIRE agent tolerations configuration By default it follows the same tolerations as the agent itself to allow the Cilium agent on this node to connect to SPIRE. ref: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ | | cilium.authentication.mutual.spire.install.enabled | bool | `true` | Enable SPIRE installation. This will only take effect only if authentication.mutual.spire.enabled is true | | cilium.authentication.mutual.spire.install.existingNamespace | bool | `false` | SPIRE namespace already exists. Set to true if Helm should not create, manage, and import the SPIRE namespace. 
| -| cilium.authentication.mutual.spire.install.initImage | object | `{"digest":"sha256:b3255e7dfbcd10cb367af0d409747d511aeb66dfac98cf30e97e87e4207dd76f","override":null,"pullPolicy":"IfNotPresent","repository":"docker.io/library/busybox","tag":"1.37.0","useDigest":true}` | init container image of SPIRE agent and server | +| cilium.authentication.mutual.spire.install.initImage | object | `{"digest":"sha256:1487d0af5f52b4ba31c7e465126ee2123fe3f2305d638e7827681e7cf6c83d5e","override":null,"pullPolicy":"IfNotPresent","repository":"docker.io/library/busybox","tag":"1.37.0","useDigest":true}` | init container image of SPIRE agent and server | | cilium.authentication.mutual.spire.install.namespace | string | `"cilium-spire"` | SPIRE namespace to install into | | cilium.authentication.mutual.spire.install.server.affinity | object | `{}` | SPIRE server affinity configuration | | cilium.authentication.mutual.spire.install.server.annotations | object | `{}` | SPIRE server annotations | 
@@ -188,7 +188,7 @@ A Helm chart for Kubernetes | cilium.clustermesh.apiserver.extraVolumeMounts | list | `[]` | Additional clustermesh-apiserver volumeMounts. | | cilium.clustermesh.apiserver.extraVolumes | list | `[]` | Additional clustermesh-apiserver volumes. | | cilium.clustermesh.apiserver.healthPort | int | `9880` | TCP port for the clustermesh-apiserver health API. | -| cilium.clustermesh.apiserver.image | object | `{"digest":"sha256:d1f44a78a0d0996ab1841f7564bc6fbd6e242d4ef673a2a8bfdd7385ef68018d","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/clustermesh-apiserver","tag":"v1.19.2","useDigest":true}` | Clustermesh API server image. | +| cilium.clustermesh.apiserver.image | object | `{"digest":"sha256:a8136a7615d6c6041d3aa6f2674d17beaec238170d669507ccc05328a778e2b7","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/clustermesh-apiserver","tag":"v1.19.3","useDigest":true}` | Clustermesh API server image. | | cilium.clustermesh.apiserver.kvstoremesh.enabled | bool | `true` | Enable KVStoreMesh. KVStoreMesh caches the information retrieved from the remote clusters in the local etcd instance (deprecated - KVStoreMesh will always be enabled once the option is removed). | | cilium.clustermesh.apiserver.kvstoremesh.extraArgs | list | `[]` | Additional KVStoreMesh arguments. | | cilium.clustermesh.apiserver.kvstoremesh.extraEnv | list | `[]` | Additional KVStoreMesh environment variables. | 
@@ -314,6 +314,10 @@ A Helm chart for Kubernetes | cilium.cni.resources | object | `{"limits":{"cpu":1,"memory":"1Gi"},"requests":{"cpu":"100m","memory":"10Mi"}}` | Specifies the resources for the cni initContainer | | cilium.cni.uninstall | bool | `false` | Remove the CNI configuration and binary files on agent shutdown. Enable this if you're removing Cilium from the cluster. Disable this to prevent the CNI configuration file from being removed during agent upgrade, which can cause nodes to go unmanageable. | | cilium.commonLabels | object | `{}` | commonLabels allows users to add common labels for all Cilium resources. | +| cilium.configDriftDetection | object | `{"driftChecker":true,"enabled":true,"ignoredKeys":[]}` | Configuration for the ConfigMap drift detection feature. When enabled, the agent continuously watches the cilium-config ConfigMap and exposes a cilium_drift_checker_config_delta Prometheus metric reporting the number of keys that differ between the ConfigMap and the agent's active settings. A non-zero value indicates that the agent has not yet applied all current ConfigMap changes and needs to be restarted. | +| cilium.configDriftDetection.driftChecker | bool | `true` | Enable the drift checker which compares the DynamicConfig table against the agent's active settings and publishes the cilium_drift_checker_config_delta metric. | +| cilium.configDriftDetection.enabled | bool | `true` | Enable watching of the cilium-config ConfigMap and reflecting its contents into the agent's internal DynamicConfig table. | +| cilium.configDriftDetection.ignoredKeys | list | `[]` | List of config-map keys to ignore when computing the drift delta. | | cilium.connectivityProbeFrequencyRatio | float64 | `0.5` | Ratio of the connectivity probe frequency vs resource usage, a float in [0, 1]. 0 will give more frequent probing, 1 will give less frequent probing. Probing frequency is dynamically adjusted based on the cluster size. 
| | cilium.conntrackGCInterval | string | `"0s"` | Configure how frequently garbage collection should occur for the datapath connection tracking table. | | cilium.conntrackGCMaxInterval | string | `""` | Configure the maximum frequency for the garbage collection of the connection tracking table. Only affects the automatic computation for the frequency and has no effect when 'conntrackGCInterval' is set. This can be set to more frequently clean up unused identities created from ToFQDN policies. | @@ -354,7 +358,6 @@ A Helm chart for Kubernetes | cilium.enableMasqueradeRouteSource | bool | `false` | Enables masquerading to the source of the route for traffic leaving the node from endpoints. | | cilium.enableNoServiceEndpointsRoutable | bool | `true` | Enable routing to a service that has zero endpoints | | cilium.enableNonDefaultDenyPolicies | bool | `true` | Enable Non-Default-Deny policies | -| cilium.enableTunnelBIGTCP | bool | `false` | Enable BIG TCP in tunneling mode and increase maximum GRO/GSO limits for VXLAN/GENEVE tunnels | | cilium.enableXTSocketFallback | bool | `true` | Enables the fallback compatibility solution for when the xt_socket kernel module is missing and it is needed for the datapath L7 redirection to work properly. See documentation for details on when this can be disabled: https://docs.cilium.io/en/stable/operations/system_requirements/#linux-kernel. | | cilium.encryption.enabled | bool | `false` | Enable transparent network encryption. | | cilium.encryption.ipsec.encryptedOverlay | bool | `false` | Enable IPsec encrypted overlay | 
@@ -397,6 +400,7 @@ A Helm chart for Kubernetes | cilium.encryption.ztunnel.updateStrategy | object | `{"rollingUpdate":{"maxSurge":1,"maxUnavailable":0},"type":"RollingUpdate"}` | ztunnel update strategy. | | cilium.endpointHealthChecking.enabled | bool | `true` | Enable connectivity health checking between virtual endpoints. | | cilium.endpointLockdownOnMapOverflow | bool | `false` | Enable endpoint lockdown on policy map overflow. | +| cilium.endpointPolicyUpdateTimeoutDuration | string | `nil` | Max duration to wait for envoy to respond to configuration changes. Default "10s". | | cilium.endpointRoutes.enabled | bool | `false` | Enable use of per endpoint routes instead of routing via the cilium_host interface. | | cilium.eni.awsEnablePrefixDelegation | bool | `false` | Enable ENI prefix delegation | | cilium.eni.awsReleaseExcessIPs | bool | `false` | Release IPs not used from the ENI | 
@@ -440,7 +444,7 @@ A Helm chart for Kubernetes | cilium.envoy.httpRetryCount | int | `3` | Maximum number of retries for each HTTP request | | cilium.envoy.httpUpstreamLingerTimeout | string | `nil` | Time in seconds to block Envoy worker thread while an upstream HTTP connection is closing. If set to 0, the connection is closed immediately (with TCP RST). If set to -1, the connection is closed asynchronously in the background. | | cilium.envoy.idleTimeoutDurationSeconds | int | `60` | Set Envoy upstream HTTP idle connection timeout seconds. Does not apply to connections with pending requests. Default 60s | -| cilium.envoy.image | object | `{"digest":"sha256:60031f39669542b21aedf05a3317d14e8d3ea48255790af039b315a1c9637361","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/cilium-envoy","tag":"v1.35.9-1773656288-7b052e66eb2cfc5ac130ce0a5be66202a10d83be","useDigest":true}` | Envoy container image. | +| cilium.envoy.image | object | `{"digest":"sha256:ba0ab8adac082d50d525fd2c5ba096c8facea3a471561b7c61c7a5b9c2e0de0d","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/cilium-envoy","tag":"v1.36.6-1776000132-2437d2edeaf4d9b56ef279bd0d71127440c067aa","useDigest":true}` | Envoy container image. | | cilium.envoy.initContainers | list | `[]` | Init containers added to the cilium Envoy DaemonSet. | | cilium.envoy.initialFetchTimeoutSeconds | int | `30` | Time in seconds after which the initial fetch on an xDS stream is considered timed out | | cilium.envoy.livenessProbe.enabled | bool | `true` | Enable liveness probe for cilium-envoy | 
@@ -585,7 +589,7 @@ A Helm chart for Kubernetes | cilium.hubble.relay.extraVolumes | list | `[]` | Additional hubble-relay volumes. | | cilium.hubble.relay.gops.enabled | bool | `true` | Enable gops for hubble-relay | | cilium.hubble.relay.gops.port | int | `9893` | Configure gops listen port for hubble-relay | -| cilium.hubble.relay.image | object | `{"digest":"sha256:9987c73bad48c987fd065185535fd15a6717cbe8a8caf7fc7ef0413532cf490e","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/hubble-relay","tag":"v1.19.2","useDigest":true}` | Hubble-relay container image. | +| cilium.hubble.relay.image | object | `{"digest":"sha256:5ee21d57b6ef2aa6db67e603a735fdceb162454b352b7335b651456e308f681b","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/hubble-relay","tag":"v1.19.3","useDigest":true}` | Hubble-relay container image. | | cilium.hubble.relay.listenHost | string | `""` | Host to listen to. Specify an empty string to bind to all the interfaces. | | cilium.hubble.relay.listenPort | string | `"4245"` | Port to listen to. | | cilium.hubble.relay.logOptions | object | `{"format":null,"level":null}` | Logging configuration for hubble-relay. | 
@@ -703,7 +707,7 @@ A Helm chart for Kubernetes | cilium.identityAllocationMode | string | `"crd"` | Method to use for identity allocation (`crd`, `kvstore` or `doublewrite-readkvstore` / `doublewrite-readcrd` for migrating between identity backends). | | cilium.identityChangeGracePeriod | string | `"5s"` | Time to wait before using new identity on endpoint identity change. | | cilium.identityManagementMode | string | `"agent"` | Control whether CiliumIdentities are created by the agent ("agent"), the operator ("operator") or both ("both"). "Both" should be used only to migrate between "agent" and "operator". Operator-managed identities is a beta feature. | -| cilium.image | object | `{"digest":"sha256:7bc7e0be845cae0a70241e622cd03c3b169001c9383dd84329c59ca86a8b1341","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/cilium","tag":"v1.19.2","useDigest":true}` | Agent container image. | +| cilium.image | object | `{"digest":"sha256:2e61680593cddca8b6c055f6d4c849d87a26a1c91c7e3b8b56c7fb76ab7b7b10","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/cilium","tag":"v1.19.3","useDigest":true}` | Agent container image. | | cilium.imagePullSecrets | list | `[]` | Configure image pull secrets for pulling container images | | cilium.ingressController.default | bool | `false` | Set cilium ingress controller to be the default ingress controller This will let cilium ingress controller route entries without ingress class set | | cilium.ingressController.defaultSecretName | string | `nil` | Default secret name for ingresses without .spec.tls[].secretName set. | 
@@ -855,7 +859,7 @@ A Helm chart for Kubernetes | cilium.operator.hostNetwork | bool | `true` | HostNetwork setting | | cilium.operator.identityGCInterval | string | `"15m0s"` | Interval for identity garbage collection. | | cilium.operator.identityHeartbeatTimeout | string | `"30m0s"` | Timeout for identity heartbeats. | -| cilium.operator.image | object | `{"alibabacloudDigest":"sha256:90bdedf6b0d3108245f8194f8c69262af2c8d839480f99d2396deed057899142","awsDigest":"sha256:6eaa299ad267d7b8fcb4bb17ee1008b391052e2e35f690b21783b1b23b5c0bf2","azureDigest":"sha256:9c040a57f4584782eda9a91f7cf3292ca5d0fb41d75f4aa41ece29d66e145293","genericDigest":"sha256:e363f4f634c2a66a36e01618734ea17e7b541b949b9a5632f9c180ab16de23f0","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/operator","suffix":"","tag":"v1.19.2","useDigest":true}` | cilium-operator image. | +| cilium.operator.image | object | `{"alibabacloudDigest":"sha256:176321a65123373ff8c7823b25183102cbad98375e8d6c80b96d68b6e8491103","awsDigest":"sha256:a53dcbfb77282bf2ddd3abbe60f6d49762e7c1389a36cb35b71d504644a56640","azureDigest":"sha256:699c1571a3df1a98882ee13610d47cffb7b34ee7e8d276096db798a5f6c7e4cb","genericDigest":"sha256:205b09b0ed6accbf9fe688d312a9f0fcfc6a316fc081c23fbffb472af5dd62cd","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/operator","suffix":"","tag":"v1.19.3","useDigest":true}` | cilium-operator image. | | cilium.operator.nodeGCInterval | string | `"5m0s"` | Interval for cilium node garbage collection. | | cilium.operator.nodeSelector | object | `{"kubernetes.io/os":"linux"}` | Node labels for cilium-operator pod assignment ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector | | cilium.operator.podAnnotations | object | `{}` | Annotations to be added to cilium-operator pods | 
@@ -913,11 +917,11 @@ A Helm chart for Kubernetes | cilium.preflight.affinity | object | `{"podAffinity":{"requiredDuringSchedulingIgnoredDuringExecution":[{"labelSelector":{"matchLabels":{"k8s-app":"cilium"}},"topologyKey":"kubernetes.io/hostname"}]}}` | Affinity for cilium-preflight | | cilium.preflight.annotations | object | `{}` | Annotations to be added to all top-level preflight objects (resources under templates/cilium-preflight) | | cilium.preflight.enabled | bool | `false` | Enable Cilium pre-flight resources (required for upgrade) | -| cilium.preflight.envoy.image | object | `{"digest":"sha256:60031f39669542b21aedf05a3317d14e8d3ea48255790af039b315a1c9637361","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/cilium-envoy","tag":"v1.35.9-1773656288-7b052e66eb2cfc5ac130ce0a5be66202a10d83be","useDigest":true}` | Envoy pre-flight image. | +| cilium.preflight.envoy.image | object | `{"digest":"sha256:ba0ab8adac082d50d525fd2c5ba096c8facea3a471561b7c61c7a5b9c2e0de0d","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/cilium-envoy","tag":"v1.36.6-1776000132-2437d2edeaf4d9b56ef279bd0d71127440c067aa","useDigest":true}` | Envoy pre-flight image. | | cilium.preflight.extraEnv | list | `[]` | Additional preflight environment variables. | | cilium.preflight.extraVolumeMounts | list | `[]` | Additional preflight volumeMounts. | | cilium.preflight.extraVolumes | list | `[]` | Additional preflight volumes. | -| cilium.preflight.image | object | `{"digest":"sha256:7bc7e0be845cae0a70241e622cd03c3b169001c9383dd84329c59ca86a8b1341","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/cilium","tag":"v1.19.2","useDigest":true}` | Cilium pre-flight image. 
| +| cilium.preflight.image | object | `{"digest":"sha256:2e61680593cddca8b6c055f6d4c849d87a26a1c91c7e3b8b56c7fb76ab7b7b10","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/cilium","tag":"v1.19.3","useDigest":true}` | Cilium pre-flight image. | | cilium.preflight.nodeSelector | object | `{"kubernetes.io/os":"linux"}` | Node labels for preflight pod assignment ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector | | cilium.preflight.podAnnotations | object | `{}` | Annotations to be added to preflight pods | | cilium.preflight.podDisruptionBudget.enabled | bool | `false` | enable PodDisruptionBudget ref: https://kubernetes.io/docs/concepts/workloads/pods/disruptions/ | @@ -1054,7 +1058,7 @@ spec: source: repoURL: "https://edixos.github.io/ekp-helm" - targetRevision: "0.1.1" + targetRevision: "0.1.2" chart: cilium path: '' helm: diff --git a/charts/cilium/charts/cilium-1.19.2.tgz b/charts/cilium/charts/cilium-1.19.2.tgz deleted file mode 100644 index 086b05be..00000000 Binary files a/charts/cilium/charts/cilium-1.19.2.tgz and /dev/null differ diff --git a/charts/cilium/charts/cilium-1.19.3.tgz b/charts/cilium/charts/cilium-1.19.3.tgz new file mode 100644 index 00000000..0e130672 Binary files /dev/null and b/charts/cilium/charts/cilium-1.19.3.tgz differ diff --git a/charts/cilium/values.yaml b/charts/cilium/values.yaml index 4d52b641..45907052 100644 --- a/charts/cilium/values.yaml +++ b/charts/cilium/values.yaml 
@@ -227,6 +227,22 @@ cilium: name: cilium # -- Roll out cilium agent pods automatically when configmap is updated. rollOutCiliumPods: false + # -- Configuration for the ConfigMap drift detection feature. + # When enabled, the agent continuously watches the cilium-config ConfigMap + # and exposes a cilium_drift_checker_config_delta Prometheus metric reporting + # the number of keys that differ between the ConfigMap and the agent's active + # settings. A non-zero value indicates that the agent has not yet applied all + # current ConfigMap changes and needs to be restarted. + configDriftDetection: + # -- Enable watching of the cilium-config ConfigMap and reflecting its + # contents into the agent's internal DynamicConfig table. + enabled: true + # -- Enable the drift checker which compares the DynamicConfig table against + # the agent's active settings and publishes the + # cilium_drift_checker_config_delta metric. + driftChecker: true + # -- List of config-map keys to ignore when computing the drift delta. + ignoredKeys: [] # -- Agent container image. image: # @schema @@ -234,10 +250,10 @@ cilium: # @schema override: ~ repository: "quay.io/cilium/cilium" - tag: "v1.19.2" + tag: "v1.19.3" pullPolicy: "IfNotPresent" # cilium-digest - digest: sha256:7bc7e0be845cae0a70241e622cd03c3b169001c9383dd84329c59ca86a8b1341 + digest: sha256:2e61680593cddca8b6c055f6d4c849d87a26a1c91c7e3b8b56c7fb76ab7b7b10 useDigest: true # -- Scheduling configurations for cilium pods scheduling: @@ -1227,6 +1243,8 @@ cilium: endpointHealthChecking: # -- Enable connectivity health checking between virtual endpoints. enabled: true + # -- Max duration to wait for envoy to respond to configuration changes. Default "10s". + endpointPolicyUpdateTimeoutDuration: null endpointRoutes: # @schema # type: [boolean, string] 
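Review bot: `configDriftDetection` is added enabled in the first hunk (`@@ -227,6 +227,22 @@`) directly under `rollOutCiliumPods: false`, so with these defaults a ConfigMap edit is not applied until the agents are restarted by hand, and the `cilium_drift_checker_config_delta` metric is the only signal these values provide for it. For security-relevant settings that means the ConfigMap can show a value the running agent is not enforcing. I would say so next to the key, e.g. `# Alert on cilium_drift_checker_config_delta > 0; rollOutCiliumPods is false, so drift persists until agents restart`. The `cilium` mapping starts and ends outside the hunk.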
@@ -1690,9 +1708,9 @@ cilium: # @schema override: ~ repository: "quay.io/cilium/hubble-relay" - tag: "v1.19.2" + tag: "v1.19.3" # hubble-relay-digest - digest: sha256:9987c73bad48c987fd065185535fd15a6717cbe8a8caf7fc7ef0413532cf490e + digest: sha256:5ee21d57b6ef2aa6db67e603a735fdceb162454b352b7335b651456e308f681b useDigest: true pullPolicy: "IfNotPresent" # -- Specifies the resources for the hubble-relay pods @@ -2404,8 +2422,6 @@ cilium: enableIPv4BIGTCP: false # -- Enables IPv6 BIG TCP support which increases maximum IPv6 GSO/GRO limits for nodes and pods enableIPv6BIGTCP: false - # -- Enable BIG TCP in tunneling mode and increase maximum GRO/GSO limits for VXLAN/GENEVE tunnels - enableTunnelBIGTCP: false nat: # -- Number of the top-k SNAT map connections to track in Cilium statedb. mapStatsEntries: 32 @@ -2716,9 +2732,9 @@ cilium: # @schema override: ~ repository: "quay.io/cilium/cilium-envoy" - tag: "v1.35.9-1773656288-7b052e66eb2cfc5ac130ce0a5be66202a10d83be" + tag: "v1.36.6-1776000132-2437d2edeaf4d9b56ef279bd0d71127440c067aa" pullPolicy: "IfNotPresent" - digest: "sha256:60031f39669542b21aedf05a3317d14e8d3ea48255790af039b315a1c9637361" + digest: "sha256:ba0ab8adac082d50d525fd2c5ba096c8facea3a471561b7c61c7a5b9c2e0de0d" useDigest: true # -- Init containers added to the cilium Envoy DaemonSet. initContainers: [] 
@@ -3101,15 +3117,15 @@ cilium: # @schema override: ~ repository: "quay.io/cilium/operator" - tag: "v1.19.2" + tag: "v1.19.3" # operator-generic-digest - genericDigest: sha256:e363f4f634c2a66a36e01618734ea17e7b541b949b9a5632f9c180ab16de23f0 + genericDigest: sha256:205b09b0ed6accbf9fe688d312a9f0fcfc6a316fc081c23fbffb472af5dd62cd # operator-azure-digest - azureDigest: sha256:9c040a57f4584782eda9a91f7cf3292ca5d0fb41d75f4aa41ece29d66e145293 + azureDigest: sha256:699c1571a3df1a98882ee13610d47cffb7b34ee7e8d276096db798a5f6c7e4cb # operator-aws-digest - awsDigest: sha256:6eaa299ad267d7b8fcb4bb17ee1008b391052e2e35f690b21783b1b23b5c0bf2 + awsDigest: sha256:a53dcbfb77282bf2ddd3abbe60f6d49762e7c1389a36cb35b71d504644a56640 # operator-alibabacloud-digest - alibabacloudDigest: sha256:90bdedf6b0d3108245f8194f8c69262af2c8d839480f99d2396deed057899142 + alibabacloudDigest: sha256:176321a65123373ff8c7823b25183102cbad98375e8d6c80b96d68b6e8491103 useDigest: true pullPolicy: "IfNotPresent" suffix: "" @@ -3436,9 +3452,9 @@ cilium: # @schema override: ~ repository: "quay.io/cilium/cilium" - tag: "v1.19.2" + tag: "v1.19.3" # cilium-digest - digest: sha256:7bc7e0be845cae0a70241e622cd03c3b169001c9383dd84329c59ca86a8b1341 + digest: sha256:2e61680593cddca8b6c055f6d4c849d87a26a1c91c7e3b8b56c7fb76ab7b7b10 useDigest: true pullPolicy: "IfNotPresent" envoy: @@ -3449,9 +3465,9 @@ cilium: # @schema override: ~ repository: "quay.io/cilium/cilium-envoy" - tag: "v1.35.9-1773656288-7b052e66eb2cfc5ac130ce0a5be66202a10d83be" + tag: "v1.36.6-1776000132-2437d2edeaf4d9b56ef279bd0d71127440c067aa" pullPolicy: "IfNotPresent" - digest: "sha256:60031f39669542b21aedf05a3317d14e8d3ea48255790af039b315a1c9637361" + digest: "sha256:ba0ab8adac082d50d525fd2c5ba096c8facea3a471561b7c61c7a5b9c2e0de0d" useDigest: true # -- The priority class to use for the preflight pod. priorityClassName: "" 
@@ -3695,9 +3711,9 @@ cilium: # @schema override: ~ repository: "quay.io/cilium/clustermesh-apiserver" - tag: "v1.19.2" + tag: "v1.19.3" # clustermesh-apiserver-digest - digest: sha256:d1f44a78a0d0996ab1841f7564bc6fbd6e242d4ef673a2a8bfdd7385ef68018d + digest: sha256:a8136a7615d6c6041d3aa6f2674d17beaec238170d669507ccc05328a778e2b7 useDigest: true pullPolicy: "IfNotPresent" # -- TCP port for the clustermesh-apiserver health API. @@ -4232,7 +4248,7 @@ cilium: override: ~ repository: "docker.io/library/busybox" tag: "1.37.0" - digest: "sha256:b3255e7dfbcd10cb367af0d409747d511aeb66dfac98cf30e97e87e4207dd76f" + digest: "sha256:1487d0af5f52b4ba31c7e465126ee2123fe3f2305d638e7827681e7cf6c83d5e" useDigest: true pullPolicy: "IfNotPresent" # SPIRE agent configuration diff --git a/charts/cnpg/Chart.lock b/charts/cnpg/Chart.lock index a06c9482..a8fade06 100644 --- a/charts/cnpg/Chart.lock +++ b/charts/cnpg/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: cloudnative-pg repository: https://cloudnative-pg.github.io/charts - version: 0.23.0 -digest: sha256:5d48c41839c3daedbc42dacc4e04d39631e7bcb7292a8333bea729505fe7e9e6 -generated: "2026-04-07T11:24:15.629703+02:00" + version: 0.28.0 +digest: sha256:d64a88877a85c1d6acc041746164571dfd7543202711908d1e15f830062572d2 +generated: "2026-04-22T11:09:26.338734733Z" diff --git a/charts/cnpg/Chart.yaml b/charts/cnpg/Chart.yaml index 3d73368f..4ad9624b 100644 --- a/charts/cnpg/Chart.yaml +++ b/charts/cnpg/Chart.yaml @@ -1,12 +1,11 @@ ---- apiVersion: v2 name: cnpg description: A Helm chart for Kubernetes type: application -version: 0.1.4 +version: 0.1.5 appVersion: "1.29.0" dependencies: - name: cloudnative-pg - version: 0.23.0 + version: 0.28.0 repository: "https://cloudnative-pg.github.io/charts" alias: cnpg diff --git a/charts/cnpg/README.md b/charts/cnpg/README.md index 2e4ce856..9da10ab1 100644 --- a/charts/cnpg/README.md +++ b/charts/cnpg/README.md 
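Review bot: In the `initImage` hunk (`@@ -4232,7 +4248,7 @@`) the busybox `digest` changes while `tag: "1.37.0"` stays the same, so the tag no longer says which image is pulled and, with `useDigest: true`, the new digest is trusted as-is. Nothing in the commit records where that digest comes from; presumably it mirrors the default in the packaged `cilium-1.19.3.tgz`, which is worth confirming before merge. A one-line comment above the key would keep that traceable, e.g. `# busybox digest as shipped in the cilium 1.19.3 chart defaults`. The `initImage` mapping starts outside the hunk.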
@@ -1,6 +1,6 @@ # cnpg -![Version: 0.1.4](https://img.shields.io/badge/Version-0.1.4-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.29.0](https://img.shields.io/badge/AppVersion-1.29.0-informational?style=flat-square) +![Version: 0.1.5](https://img.shields.io/badge/Version-0.1.5-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.29.0](https://img.shields.io/badge/AppVersion-1.29.0-informational?style=flat-square) ## Prerequisites @@ -11,7 +11,7 @@ | Repository | Name | Version | |------------|------|---------| -| https://cloudnative-pg.github.io/charts | cnpg(cloudnative-pg) | 0.23.0 | +| https://cloudnative-pg.github.io/charts | cnpg(cloudnative-pg) | 0.28.0 | ## Description 
@@ -22,13 +22,13 @@ A Helm chart for Kubernetes | Key | Type | Default | Description | |-----|------|---------|-------------| | clusters | list | `[]` | List of CloudNativePG clusters to deploy | -| cnpg.additionalArgs | list | `[]` | Additinal arguments to be added to the operator's args list. | +| cnpg.additionalArgs | list | `[]` | Additional arguments to be added to the operator's args list. | | cnpg.additionalEnv | list | `[]` | Array containing extra environment variables which can be templated. For example: - name: RELEASE_NAME value: "{{ .Release.Name }}" - name: MY_VAR value: "mySpecialKey" | | cnpg.affinity | object | `{}` | Affinity for the operator to be installed. | | cnpg.commonAnnotations | object | `{}` | Annotations to be added to all other resources. | | cnpg.config.clusterWide | bool | `true` | This option determines if the operator is responsible for observing events across the entire Kubernetes cluster or if its focus should be narrowed down to the specific namespace within which it has been deployed. | | cnpg.config.create | bool | `true` | Specifies whether the secret should be created. | -| cnpg.config.data | object | `{}` | The content of the configmap/secret, see https://cloudnative-pg.io/documentation/current/ operator_conf/#available-options for all the available options. | +| cnpg.config.data | object | `{}` | The content of the configmap/secret, see https://cloudnative-pg.io/documentation/current/operator_conf/#available-options for all the available options. | | cnpg.config.maxConcurrentReconciles | int | `10` | The maximum number of concurrent reconciles. Defaults to 10. | | cnpg.config.name | string | `"cnpg-controller-manager-config"` | The name of the configmap/secret to use. | | cnpg.config.secret | bool | `false` | Specifies whether it should be stored in a secret, instead of a configmap. | 
@@ -46,14 +46,14 @@ A Helm chart for Kubernetes | cnpg.monitoring.grafanaDashboard.create | bool | `false` | | | cnpg.monitoring.grafanaDashboard.labels | object | `{}` | Labels that ConfigMaps should have to get configured in Grafana. | | cnpg.monitoring.grafanaDashboard.namespace | string | `""` | Allows overriding the namespace where the ConfigMap will be created, defaulting to the same one as the Release. | -| cnpg.monitoring.grafanaDashboard.sidecarLabel | string | `"grafana_dashboard"` | Label that ConfigMaps should have to be loaded as dashboards. DEPRECATED: Use labels instead. | -| cnpg.monitoring.grafanaDashboard.sidecarLabelValue | string | `"1"` | Label value that ConfigMaps should have to be loaded as dashboards. DEPRECATED: Use labels instead. | +| cnpg.monitoring.grafanaDashboard.sidecarLabel | string | `"grafana_dashboard"` | Label that ConfigMaps should have to be loaded as dashboards. DEPRECATED: Use labels instead. | +| cnpg.monitoring.grafanaDashboard.sidecarLabelValue | string | `"1"` | Label value that ConfigMaps should have to be loaded as dashboards. DEPRECATED: Use labels instead. | | cnpg.monitoring.podMonitorAdditionalLabels | object | `{}` | Additional labels for the podMonitor | | cnpg.monitoring.podMonitorEnabled | bool | `false` | Specifies whether the monitoring should be enabled. Requires Prometheus Operator CRDs. | | cnpg.monitoring.podMonitorMetricRelabelings | list | `[]` | Metrics relabel configurations to apply to samples before ingestion. | | cnpg.monitoring.podMonitorRelabelings | list | `[]` | Relabel configurations to apply to samples before scraping. | | cnpg.monitoringQueriesConfigMap.name | string | `"cnpg-default-monitoring"` | The name of the default monitoring configmap. 
| -| cnpg.monitoringQueriesConfigMap.queries | string | `"backends:\n query: |\n SELECT sa.datname\n , sa.usename\n , sa.application_name\n , states.state\n , COALESCE(sa.count, 0) AS total\n , COALESCE(sa.max_tx_secs, 0) AS max_tx_duration_seconds\n FROM ( VALUES ('active')\n , ('idle')\n , ('idle in transaction')\n , ('idle in transaction (aborted)')\n , ('fastpath function call')\n , ('disabled')\n ) AS states(state)\n LEFT JOIN (\n SELECT datname\n , state\n , usename\n , COALESCE(application_name, '') AS application_name\n , COUNT(*)\n , COALESCE(EXTRACT (EPOCH FROM (max(now() - xact_start))),\n 0) AS max_tx_secs\n FROM pg_catalog.pg_stat_activity\n GROUP BY datname, state, usename, application_name\n ) sa ON states.state = sa.state\n WHERE sa.usename IS NOT NULL\n metrics:\n - datname:\n usage: \"LABEL\"\n description: \"Name of the database\"\n - usename:\n usage: \"LABEL\"\n description: \"Name of the user\"\n - application_name:\n usage: \"LABEL\"\n description: \"Name of the application\"\n - state:\n usage: \"LABEL\"\n description: \"State of the backend\"\n - total:\n usage: \"GAUGE\"\n description: \"Number of backends\"\n - max_tx_duration_seconds:\n usage: \"GAUGE\"\n description: >-\n Maximum duration of a transaction in seconds\n\nbackends_waiting:\n query: |\n SELECT count(*) AS total\n FROM pg_catalog.pg_locks blocked_locks\n JOIN pg_catalog.pg_locks blocking_locks\n ON blocking_locks.locktype = blocked_locks.locktype\n AND blocking_locks.database IS NOT DISTINCT FROM\n blocked_locks.database\n AND blocking_locks.relation IS NOT DISTINCT FROM\n blocked_locks.relation\n AND blocking_locks.page IS NOT DISTINCT FROM blocked_locks.page\n AND blocking_locks.tuple IS NOT DISTINCT FROM blocked_locks.tuple\n AND blocking_locks.virtualxid IS NOT DISTINCT FROM\n blocked_locks.virtualxid\n AND blocking_locks.transactionid IS NOT DISTINCT FROM\n blocked_locks.transactionid\n AND blocking_locks.classid IS NOT DISTINCT FROM\n blocked_locks.classid\n AND 
blocking_locks.objid IS NOT DISTINCT FROM blocked_locks.objid\n AND blocking_locks.objsubid IS NOT DISTINCT FROM\n blocked_locks.objsubid\n AND blocking_locks.pid != blocked_locks.pid\n JOIN pg_catalog.pg_stat_activity blocking_activity\n ON blocking_activity.pid = blocking_locks.pid\n WHERE NOT blocked_locks.granted\n metrics:\n - total:\n usage: \"GAUGE\"\n description: >-\n Total number of backends that are currently waiting on other\n queries\n\npg_database:\n query: |\n SELECT datname\n , pg_catalog.pg_database_size(datname) AS size_bytes\n , pg_catalog.age(datfrozenxid) AS xid_age\n , pg_catalog.mxid_age(datminmxid) AS mxid_age\n FROM pg_catalog.pg_database\n WHERE datallowconn\n metrics:\n - datname:\n usage: \"LABEL\"\n description: \"Name of the database\"\n - size_bytes:\n usage: \"GAUGE\"\n description: \"Disk space used by the database\"\n - xid_age:\n usage: \"GAUGE\"\n description: >-\n Number of transactions from the frozen XID to the current one\n - mxid_age:\n usage: \"GAUGE\"\n description: >-\n Number of multiple transactions (Multixact) from the frozen XID\n to the current one\n\npg_postmaster:\n query: |\n SELECT EXTRACT(EPOCH FROM pg_postmaster_start_time) AS start_time\n FROM pg_catalog.pg_postmaster_start_time()\n metrics:\n - start_time:\n usage: \"GAUGE\"\n description: \"Time at which postgres started (based on epoch)\"\n\npg_replication:\n query: >-\n SELECT CASE WHEN (\n NOT pg_catalog.pg_is_in_recovery()\n OR pg_catalog.pg_last_wal_receive_lsn() =\n pg_catalog.pg_last_wal_replay_lsn())\n THEN 0\n ELSE GREATEST (0,\n EXTRACT(EPOCH FROM (now() -\n pg_catalog.pg_last_xact_replay_timestamp())))\n END AS lag,\n pg_catalog.pg_is_in_recovery() AS in_recovery,\n EXISTS (TABLE pg_stat_wal_receiver) AS is_wal_receiver_up,\n (SELECT count(*) FROM pg_catalog.pg_stat_replication)\n AS streaming_replicas\n metrics:\n - lag:\n usage: \"GAUGE\"\n description: \"Replication lag behind primary in seconds\"\n - in_recovery:\n usage: \"GAUGE\"\n 
description: \"Whether the instance is in recovery\"\n - is_wal_receiver_up:\n usage: \"GAUGE\"\n description: \"Whether the instance wal_receiver is up\"\n - streaming_replicas:\n usage: \"GAUGE\"\n description: >-\n Number of streaming replicas connected to the instance\n\npg_replication_slots:\n query: |\n SELECT slot_name,\n slot_type,\n database,\n active,\n (CASE pg_catalog.pg_is_in_recovery()\n WHEN TRUE THEN pg_catalog.pg_wal_lsn_diff(\n pg_catalog.pg_last_wal_receive_lsn(), restart_lsn)\n ELSE pg_catalog.pg_wal_lsn_diff(\n pg_catalog.pg_current_wal_lsn(), restart_lsn)\n END) as pg_wal_lsn_diff\n FROM pg_catalog.pg_replication_slots\n WHERE NOT temporary\n metrics:\n - slot_name:\n usage: \"LABEL\"\n description: \"Name of the replication slot\"\n - slot_type:\n usage: \"LABEL\"\n description: \"Type of the replication slot\"\n - database:\n usage: \"LABEL\"\n description: \"Name of the database\"\n - active:\n usage: \"GAUGE\"\n description: \"Flag indicating whether the slot is active\"\n - pg_wal_lsn_diff:\n usage: \"GAUGE\"\n description: \"Replication lag in bytes\"\n\npg_stat_archiver:\n query: |\n SELECT archived_count\n , failed_count\n , COALESCE(EXTRACT(EPOCH FROM (now() - last_archived_time)), -1)\n AS seconds_since_last_archival\n , COALESCE(EXTRACT(EPOCH FROM (now() - last_failed_time)), -1)\n AS seconds_since_last_failure\n , COALESCE(EXTRACT(EPOCH FROM last_archived_time), -1)\n AS last_archived_time\n , COALESCE(EXTRACT(EPOCH FROM last_failed_time), -1)\n AS last_failed_time\n , COALESCE(CAST(CAST('x'||pg_catalog.right(\n pg_catalog.split_part(last_archived_wal, '.', 1), 16)\n AS pg_catalog.bit(64)) AS pg_catalog.int8), -1)\n AS last_archived_wal_start_lsn\n , COALESCE(CAST(CAST('x'||pg_catalog.right(\n pg_catalog.split_part(last_failed_wal, '.', 1), 16)\n AS pg_catalog.bit(64)) AS pg_catalog.int8), -1)\n AS last_failed_wal_start_lsn\n , EXTRACT(EPOCH FROM stats_reset) AS stats_reset_time\n FROM pg_catalog.pg_stat_archiver\n metrics:\n - 
archived_count:\n usage: \"COUNTER\"\n description: >-\n Number of WAL files that have been successfully archived\n - failed_count:\n usage: \"COUNTER\"\n description: >-\n Number of failed attempts for archiving WAL files\n - seconds_since_last_archival:\n usage: \"GAUGE\"\n description: >-\n Seconds since the last successful archival operation\n - seconds_since_last_failure:\n usage: \"GAUGE\"\n description: >-\n Seconds since the last failed archival operation\n - last_archived_time:\n usage: \"GAUGE\"\n description: >-\n Epoch of the last time WAL archiving succeeded\n - last_failed_time:\n usage: \"GAUGE\"\n description: >-\n Epoch of the last time WAL archiving failed\n - last_archived_wal_start_lsn:\n usage: \"GAUGE\"\n description: \"Archived WAL start LSN\"\n - last_failed_wal_start_lsn:\n usage: \"GAUGE\"\n description: \"Last failed WAL LSN\"\n - stats_reset_time:\n usage: \"GAUGE\"\n description: >-\n Time at which these statistics were last reset\n\npg_stat_bgwriter:\n runonserver: \"<17.0.0\"\n query: |\n SELECT checkpoints_timed\n , checkpoints_req\n , checkpoint_write_time\n , checkpoint_sync_time\n , buffers_checkpoint\n , buffers_clean\n , maxwritten_clean\n , buffers_backend\n , buffers_backend_fsync\n , buffers_alloc\n FROM pg_catalog.pg_stat_bgwriter\n metrics:\n - checkpoints_timed:\n usage: \"COUNTER\"\n description: >-\n Number of scheduled checkpoints that have been performed\n - checkpoints_req:\n usage: \"COUNTER\"\n description: >-\n Number of requested checkpoints that have been performed\n - checkpoint_write_time:\n usage: \"COUNTER\"\n description: >-\n Total amount of time that has been spent in the portion of\n checkpoint processing where files are written to disk, in\n milliseconds\n - checkpoint_sync_time:\n usage: \"COUNTER\"\n description: >-\n Total amount of time that has been spent in the portion of\n checkpoint processing where files are synchronized to disk, in\n milliseconds\n - buffers_checkpoint:\n usage: \"COUNTER\"\n 
description: >-\n Number of buffers written during checkpoints\n - buffers_clean:\n usage: \"COUNTER\"\n description: >-\n Number of buffers written by the background writer\n - maxwritten_clean:\n usage: \"COUNTER\"\n description: >-\n Number of times the background writer stopped a cleaning scan\n because it had written too many buffers\n - buffers_backend:\n usage: \"COUNTER\"\n description: >-\n Number of buffers written directly by a backend\n - buffers_backend_fsync:\n usage: \"COUNTER\"\n description: >-\n Number of times a backend had to execute its own fsync call\n (normally the background writer handles those even when the\n backend does its own write)\n - buffers_alloc:\n usage: \"COUNTER\"\n description: >-\n Number of buffers allocated\n\npg_stat_bgwriter_17:\n runonserver: \">=17.0.0\"\n name: pg_stat_bgwriter\n query: |\n SELECT buffers_clean\n , maxwritten_clean\n , buffers_alloc\n , EXTRACT(EPOCH FROM stats_reset) AS stats_reset_time\n FROM pg_catalog.pg_stat_bgwriter\n metrics:\n - buffers_clean:\n usage: \"COUNTER\"\n description: >-\n Number of buffers written by the background writer\n - maxwritten_clean:\n usage: \"COUNTER\"\n description: >-\n Number of times the background writer stopped a cleaning scan\n because it had written too many buffers\n - buffers_alloc:\n usage: \"COUNTER\"\n description: >-\n Number of buffers allocated\n - stats_reset_time:\n usage: \"GAUGE\"\n description: >-\n Time at which these statistics were last reset\n\npg_stat_checkpointer:\n runonserver: \">=17.0.0\"\n query: |\n SELECT num_timed AS checkpoints_timed\n , num_requested AS checkpoints_req\n , restartpoints_timed\n , restartpoints_req\n , restartpoints_done\n , write_time\n , sync_time\n , buffers_written\n , EXTRACT(EPOCH FROM stats_reset) AS stats_reset_time\n FROM pg_catalog.pg_stat_checkpointer\n metrics:\n - checkpoints_timed:\n usage: \"COUNTER\"\n description: >-\n Number of scheduled checkpoints that have been performed\n - checkpoints_req:\n 
usage: \"COUNTER\"\n description: >-\n Number of requested checkpoints that have been performed\n - restartpoints_timed:\n usage: \"COUNTER\"\n description: >-\n Number of scheduled restartpoints due to timeout or after a\n failed attempt to perform it\n - restartpoints_req:\n usage: \"COUNTER\"\n description: >-\n Number of requested restartpoints that have been performed\n - restartpoints_done:\n usage: \"COUNTER\"\n description: >-\n Number of restartpoints that have been performed\n - write_time:\n usage: \"COUNTER\"\n description: >-\n Total amount of time that has been spent in the portion of\n processing checkpoints and restartpoints where files are written\n to disk, in milliseconds\n - sync_time:\n usage: \"COUNTER\"\n description: >-\n Total amount of time that has been spent in the portion of\n processing checkpoints and restartpoints where files are\n synchronized to disk, in milliseconds\n - buffers_written:\n usage: \"COUNTER\"\n description: >-\n Number of buffers written during checkpoints and restartpoints\n - stats_reset_time:\n usage: \"GAUGE\"\n description: >-\n Time at which these statistics were last reset\n\npg_stat_database:\n query: |\n SELECT datname\n , xact_commit\n , xact_rollback\n , blks_read\n , blks_hit\n , tup_returned\n , tup_fetched\n , tup_inserted\n , tup_updated\n , tup_deleted\n , conflicts\n , temp_files\n , temp_bytes\n , deadlocks\n , blk_read_time\n , blk_write_time\n FROM pg_catalog.pg_stat_database\n metrics:\n - datname:\n usage: \"LABEL\"\n description: \"Name of this database\"\n - xact_commit:\n usage: \"COUNTER\"\n description: >-\n Number of transactions in this database that have been committed\n - xact_rollback:\n usage: \"COUNTER\"\n description: >-\n Number of transactions in this database that have been rolled\n back\n - blks_read:\n usage: \"COUNTER\"\n description: >-\n Number of disk blocks read in this database\n - blks_hit:\n usage: \"COUNTER\"\n description: >-\n Number of times disk blocks were found 
already in the buffer\n cache, so that a read was not necessary (this only includes hits\n in the PostgreSQL buffer cache, not the operating system's file\n system cache)\n - tup_returned:\n usage: \"COUNTER\"\n description: >-\n Number of rows returned by queries in this database\n - tup_fetched:\n usage: \"COUNTER\"\n description: >-\n Number of rows fetched by queries in this database\n - tup_inserted:\n usage: \"COUNTER\"\n description: >-\n Number of rows inserted by queries in this database\n - tup_updated:\n usage: \"COUNTER\"\n description: >-\n Number of rows updated by queries in this database\n - tup_deleted:\n usage: \"COUNTER\"\n description: >-\n Number of rows deleted by queries in this database\n - conflicts:\n usage: \"COUNTER\"\n description: >-\n Number of queries canceled due to conflicts with recovery in\n this database\n - temp_files:\n usage: \"COUNTER\"\n description: >-\n Number of temporary files created by queries in this database\n - temp_bytes:\n usage: \"COUNTER\"\n description: >-\n Total amount of data written to temporary files by queries in\n this database\n - deadlocks:\n usage: \"COUNTER\"\n description: >-\n Number of deadlocks detected in this database\n - blk_read_time:\n usage: \"COUNTER\"\n description: >-\n Time spent reading data file blocks by backends in this\n database, in milliseconds\n - blk_write_time:\n usage: \"COUNTER\"\n description: >-\n Time spent writing data file blocks by backends in this\n database, in milliseconds\n\npg_stat_replication:\n primary: true\n query: |\n SELECT usename\n , COALESCE(application_name, '') AS application_name\n , COALESCE(client_addr::text, '') AS client_addr\n , COALESCE(client_port::text, '') AS client_port\n , EXTRACT(EPOCH FROM backend_start) AS backend_start\n , COALESCE(pg_catalog.age(backend_xmin), 0) AS backend_xmin_age\n , pg_catalog.pg_wal_lsn_diff(pg_catalog.pg_current_wal_lsn(),\n sent_lsn) AS sent_diff_bytes\n , 
pg_catalog.pg_wal_lsn_diff(pg_catalog.pg_current_wal_lsn(),\n write_lsn) AS write_diff_bytes\n , pg_catalog.pg_wal_lsn_diff(pg_catalog.pg_current_wal_lsn(),\n flush_lsn) AS flush_diff_bytes\n , COALESCE(pg_catalog.pg_wal_lsn_diff(\n pg_catalog.pg_current_wal_lsn(), replay_lsn),0)\n AS replay_diff_bytes\n , COALESCE((EXTRACT(EPOCH FROM write_lag)),0)::float\n AS write_lag_seconds\n , COALESCE((EXTRACT(EPOCH FROM flush_lag)),0)::float\n AS flush_lag_seconds\n , COALESCE((EXTRACT(EPOCH FROM replay_lag)),0)::float\n AS replay_lag_seconds\n FROM pg_catalog.pg_stat_replication\n metrics:\n - usename:\n usage: \"LABEL\"\n description: \"Name of the replication user\"\n - application_name:\n usage: \"LABEL\"\n description: \"Name of the application\"\n - client_addr:\n usage: \"LABEL\"\n description: \"Client IP address\"\n - client_port:\n usage: \"LABEL\"\n description: \"Client TCP port\"\n - backend_start:\n usage: \"COUNTER\"\n description: \"Time when this process was started\"\n - backend_xmin_age:\n usage: \"COUNTER\"\n description: \"The age of this standby's xmin horizon\"\n - sent_diff_bytes:\n usage: \"GAUGE\"\n description: >-\n Difference in bytes from the last write-ahead log location sent\n on this connection\n - write_diff_bytes:\n usage: \"GAUGE\"\n description: >-\n Difference in bytes from the last write-ahead log location\n written to disk by this standby server\n - flush_diff_bytes:\n usage: \"GAUGE\"\n description: >-\n Difference in bytes from the last write-ahead log location\n flushed to disk by this standby server\n - replay_diff_bytes:\n usage: \"GAUGE\"\n description: >-\n Difference in bytes from the last write-ahead log location\n replayed into the database on this standby server\n - write_lag_seconds:\n usage: \"GAUGE\"\n description: >-\n Time elapsed between flushing recent WAL locally and receiving\n notification that this standby server has written it\n - flush_lag_seconds:\n usage: \"GAUGE\"\n description: >-\n Time elapsed between 
flushing recent WAL locally and receiving\n notification that this standby server has written and flushed it\n - replay_lag_seconds:\n usage: \"GAUGE\"\n description: >-\n Time elapsed between flushing recent WAL locally and receiving\n notification that this standby server has written, flushed and\n applied it\n\npg_settings:\n query: |\n SELECT name,\n CASE setting WHEN 'on' THEN '1' WHEN 'off' THEN '0' ELSE setting END\n AS setting\n FROM pg_catalog.pg_settings\n WHERE vartype IN ('integer', 'real', 'bool')\n ORDER BY 1\n metrics:\n - name:\n usage: \"LABEL\"\n description: \"Name of the setting\"\n - setting:\n usage: \"GAUGE\"\n description: \"Setting value\"\n"` | A string representation of a YAML defining monitoring queries. | +| cnpg.monitoringQueriesConfigMap.queries | string | `"backends:\n query: |\n SELECT sa.datname\n , sa.usename\n , sa.application_name\n , states.state\n , COALESCE(sa.count, 0) AS total\n , COALESCE(sa.max_tx_secs, 0) AS max_tx_duration_seconds\n FROM ( VALUES ('active')\n , ('idle')\n , ('idle in transaction')\n , ('idle in transaction (aborted)')\n , ('fastpath function call')\n , ('disabled')\n ) AS states(state)\n LEFT JOIN (\n SELECT datname\n , state\n , usename\n , COALESCE(application_name, '') AS application_name\n , COUNT(*)\n , COALESCE(EXTRACT (EPOCH FROM (max(now() - xact_start))), 0) AS max_tx_secs\n FROM pg_catalog.pg_stat_activity\n GROUP BY datname, state, usename, application_name\n ) sa ON states.state = sa.state\n WHERE sa.usename IS NOT NULL\n metrics:\n - datname:\n usage: \"LABEL\"\n description: \"Name of the database\"\n - usename:\n usage: \"LABEL\"\n description: \"Name of the user\"\n - application_name:\n usage: \"LABEL\"\n description: \"Name of the application\"\n - state:\n usage: \"LABEL\"\n description: \"State of the backend\"\n - total:\n usage: \"GAUGE\"\n description: \"Number of backends\"\n - max_tx_duration_seconds:\n usage: \"GAUGE\"\n description: \"Maximum duration of a transaction in 
seconds\"\n\nbackends_waiting:\n query: |\n SELECT count(*) AS total\n FROM pg_catalog.pg_locks blocked_locks\n JOIN pg_catalog.pg_locks blocking_locks\n ON blocking_locks.locktype = blocked_locks.locktype\n AND blocking_locks.database IS NOT DISTINCT FROM blocked_locks.database\n AND blocking_locks.relation IS NOT DISTINCT FROM blocked_locks.relation\n AND blocking_locks.page IS NOT DISTINCT FROM blocked_locks.page\n AND blocking_locks.tuple IS NOT DISTINCT FROM blocked_locks.tuple\n AND blocking_locks.virtualxid IS NOT DISTINCT FROM blocked_locks.virtualxid\n AND blocking_locks.transactionid IS NOT DISTINCT FROM blocked_locks.transactionid\n AND blocking_locks.classid IS NOT DISTINCT FROM blocked_locks.classid\n AND blocking_locks.objid IS NOT DISTINCT FROM blocked_locks.objid\n AND blocking_locks.objsubid IS NOT DISTINCT FROM blocked_locks.objsubid\n AND blocking_locks.pid != blocked_locks.pid\n JOIN pg_catalog.pg_stat_activity blocking_activity ON blocking_activity.pid = blocking_locks.pid\n WHERE NOT blocked_locks.granted\n metrics:\n - total:\n usage: \"GAUGE\"\n description: \"Total number of backends that are currently waiting on other queries\"\n\npg_database:\n query: |\n SELECT datname\n , pg_catalog.pg_database_size(datname) AS size_bytes\n , pg_catalog.age(datfrozenxid) AS xid_age\n , pg_catalog.mxid_age(datminmxid) AS mxid_age\n FROM pg_catalog.pg_database\n WHERE datallowconn\n metrics:\n - datname:\n usage: \"LABEL\"\n description: \"Name of the database\"\n - size_bytes:\n usage: \"GAUGE\"\n description: \"Disk space used by the database\"\n - xid_age:\n usage: \"GAUGE\"\n description: \"Number of transactions from the frozen XID to the current one\"\n - mxid_age:\n usage: \"GAUGE\"\n description: \"Number of multiple transactions (Multixact) from the frozen XID to the current one\"\n\npg_postmaster:\n query: |\n SELECT EXTRACT(EPOCH FROM pg_postmaster_start_time) AS start_time\n FROM pg_catalog.pg_postmaster_start_time()\n metrics:\n - 
start_time:\n usage: \"GAUGE\"\n description: \"Time at which postgres started (based on epoch)\"\n\npg_replication:\n query: |\n SELECT CASE WHEN (\n NOT pg_catalog.pg_is_in_recovery()\n OR pg_catalog.pg_last_wal_receive_lsn() = pg_catalog.pg_last_wal_replay_lsn())\n THEN 0\n ELSE GREATEST (0,\n EXTRACT(EPOCH FROM (now() - pg_catalog.pg_last_xact_replay_timestamp())))\n END AS lag,\n pg_catalog.pg_is_in_recovery() AS in_recovery,\n EXISTS (TABLE pg_stat_wal_receiver) AS is_wal_receiver_up,\n (SELECT count(*) FROM pg_catalog.pg_stat_replication) AS streaming_replicas\n metrics:\n - lag:\n usage: \"GAUGE\"\n description: \"Replication lag behind primary in seconds\"\n - in_recovery:\n usage: \"GAUGE\"\n description: \"Whether the instance is in recovery\"\n - is_wal_receiver_up:\n usage: \"GAUGE\"\n description: \"Whether the instance wal_receiver is up\"\n - streaming_replicas:\n usage: \"GAUGE\"\n description: \"Number of streaming replicas connected to the instance\"\n\npg_replication_slots:\n query: |\n SELECT slot_name,\n slot_type,\n database,\n active,\n (CASE pg_catalog.pg_is_in_recovery()\n WHEN TRUE THEN pg_catalog.pg_wal_lsn_diff(pg_catalog.pg_last_wal_receive_lsn(), restart_lsn)\n ELSE pg_catalog.pg_wal_lsn_diff(pg_catalog.pg_current_wal_lsn(), restart_lsn)\n END) as pg_wal_lsn_diff\n FROM pg_catalog.pg_replication_slots\n WHERE NOT temporary\n metrics:\n - slot_name:\n usage: \"LABEL\"\n description: \"Name of the replication slot\"\n - slot_type:\n usage: \"LABEL\"\n description: \"Type of the replication slot\"\n - database:\n usage: \"LABEL\"\n description: \"Name of the database\"\n - active:\n usage: \"GAUGE\"\n description: \"Flag indicating whether the slot is active\"\n - pg_wal_lsn_diff:\n usage: \"GAUGE\"\n description: \"Replication lag in bytes\"\n\npg_stat_archiver:\n query: |\n SELECT archived_count\n , failed_count\n , COALESCE(EXTRACT(EPOCH FROM (now() - last_archived_time)), -1) AS seconds_since_last_archival\n , COALESCE(EXTRACT(EPOCH 
FROM (now() - last_failed_time)), -1) AS seconds_since_last_failure\n , COALESCE(EXTRACT(EPOCH FROM last_archived_time), -1) AS last_archived_time\n , COALESCE(EXTRACT(EPOCH FROM last_failed_time), -1) AS last_failed_time\n , COALESCE(CAST(CAST('x'||pg_catalog.right(pg_catalog.split_part(last_archived_wal, '.', 1), 16) AS pg_catalog.bit(64)) AS pg_catalog.int8), -1) AS last_archived_wal_start_lsn\n , COALESCE(CAST(CAST('x'||pg_catalog.right(pg_catalog.split_part(last_failed_wal, '.', 1), 16) AS pg_catalog.bit(64)) AS pg_catalog.int8), -1) AS last_failed_wal_start_lsn\n , EXTRACT(EPOCH FROM stats_reset) AS stats_reset_time\n FROM pg_catalog.pg_stat_archiver\n predicate_query: |\n SELECT NOT pg_catalog.pg_is_in_recovery()\n OR pg_catalog.current_setting('archive_mode') = 'always'\n metrics:\n - archived_count:\n usage: \"COUNTER\"\n description: \"Number of WAL files that have been successfully archived\"\n - failed_count:\n usage: \"COUNTER\"\n description: \"Number of failed attempts for archiving WAL files\"\n - seconds_since_last_archival:\n usage: \"GAUGE\"\n description: \"Seconds since the last successful archival operation\"\n - seconds_since_last_failure:\n usage: \"GAUGE\"\n description: \"Seconds since the last failed archival operation\"\n - last_archived_time:\n usage: \"GAUGE\"\n description: \"Epoch of the last time WAL archiving succeeded\"\n - last_failed_time:\n usage: \"GAUGE\"\n description: \"Epoch of the last time WAL archiving failed\"\n - last_archived_wal_start_lsn:\n usage: \"GAUGE\"\n description: \"Archived WAL start LSN\"\n - last_failed_wal_start_lsn:\n usage: \"GAUGE\"\n description: \"Last failed WAL LSN\"\n - stats_reset_time:\n usage: \"GAUGE\"\n description: \"Time at which these statistics were last reset\"\n\npg_stat_bgwriter:\n runonserver: \"<17.0.0\"\n query: |\n SELECT checkpoints_timed\n , checkpoints_req\n , checkpoint_write_time\n , checkpoint_sync_time\n , buffers_checkpoint\n , buffers_clean\n , maxwritten_clean\n , 
buffers_backend\n , buffers_backend_fsync\n , buffers_alloc\n FROM pg_catalog.pg_stat_bgwriter\n metrics:\n - checkpoints_timed:\n usage: \"COUNTER\"\n description: \"Number of scheduled checkpoints that have been performed\"\n - checkpoints_req:\n usage: \"COUNTER\"\n description: \"Number of requested checkpoints that have been performed\"\n - checkpoint_write_time:\n usage: \"COUNTER\"\n description: \"Total amount of time that has been spent in the portion of checkpoint processing where files are written to disk, in milliseconds\"\n - checkpoint_sync_time:\n usage: \"COUNTER\"\n description: \"Total amount of time that has been spent in the portion of checkpoint processing where files are synchronized to disk, in milliseconds\"\n - buffers_checkpoint:\n usage: \"COUNTER\"\n description: \"Number of buffers written during checkpoints\"\n - buffers_clean:\n usage: \"COUNTER\"\n description: \"Number of buffers written by the background writer\"\n - maxwritten_clean:\n usage: \"COUNTER\"\n description: \"Number of times the background writer stopped a cleaning scan because it had written too many buffers\"\n - buffers_backend:\n usage: \"COUNTER\"\n description: \"Number of buffers written directly by a backend\"\n - buffers_backend_fsync:\n usage: \"COUNTER\"\n description: \"Number of times a backend had to execute its own fsync call (normally the background writer handles those even when the backend does its own write)\"\n - buffers_alloc:\n usage: \"COUNTER\"\n description: \"Number of buffers allocated\"\n\npg_stat_bgwriter_17:\n runonserver: \">=17.0.0\"\n name: pg_stat_bgwriter\n query: |\n SELECT buffers_clean\n , maxwritten_clean\n , buffers_alloc\n , EXTRACT(EPOCH FROM stats_reset) AS stats_reset_time\n FROM pg_catalog.pg_stat_bgwriter\n metrics:\n - buffers_clean:\n usage: \"COUNTER\"\n description: \"Number of buffers written by the background writer\"\n - maxwritten_clean:\n usage: \"COUNTER\"\n description: \"Number of times the background writer 
stopped a cleaning scan because it had written too many buffers\"\n - buffers_alloc:\n usage: \"COUNTER\"\n description: \"Number of buffers allocated\"\n - stats_reset_time:\n usage: \"GAUGE\"\n description: \"Time at which these statistics were last reset\"\n\npg_stat_checkpointer:\n runonserver: \">=17.0.0\"\n query: |\n SELECT num_timed AS checkpoints_timed\n , num_requested AS checkpoints_req\n , restartpoints_timed\n , restartpoints_req\n , restartpoints_done\n , write_time\n , sync_time\n , buffers_written\n , EXTRACT(EPOCH FROM stats_reset) AS stats_reset_time\n FROM pg_catalog.pg_stat_checkpointer\n metrics:\n - checkpoints_timed:\n usage: \"COUNTER\"\n description: \"Number of scheduled checkpoints that have been performed\"\n - checkpoints_req:\n usage: \"COUNTER\"\n description: \"Number of requested checkpoints that have been performed\"\n - restartpoints_timed:\n usage: \"COUNTER\"\n description: \"Number of scheduled restartpoints due to timeout or after a failed attempt to perform it\"\n - restartpoints_req:\n usage: \"COUNTER\"\n description: \"Number of requested restartpoints that have been performed\"\n - restartpoints_done:\n usage: \"COUNTER\"\n description: \"Number of restartpoints that have been performed\"\n - write_time:\n usage: \"COUNTER\"\n description: \"Total amount of time that has been spent in the portion of processing checkpoints and restartpoints where files are written to disk, in milliseconds\"\n - sync_time:\n usage: \"COUNTER\"\n description: \"Total amount of time that has been spent in the portion of processing checkpoints and restartpoints where files are synchronized to disk, in milliseconds\"\n - buffers_written:\n usage: \"COUNTER\"\n description: \"Number of buffers written during checkpoints and restartpoints\"\n - stats_reset_time:\n usage: \"GAUGE\"\n description: \"Time at which these statistics were last reset\"\n\npg_stat_database:\n query: |\n SELECT datname\n , xact_commit\n , xact_rollback\n , blks_read\n , 
blks_hit\n , tup_returned\n , tup_fetched\n , tup_inserted\n , tup_updated\n , tup_deleted\n , conflicts\n , temp_files\n , temp_bytes\n , deadlocks\n , blk_read_time\n , blk_write_time\n FROM pg_catalog.pg_stat_database\n metrics:\n - datname:\n usage: \"LABEL\"\n description: \"Name of this database\"\n - xact_commit:\n usage: \"COUNTER\"\n description: \"Number of transactions in this database that have been committed\"\n - xact_rollback:\n usage: \"COUNTER\"\n description: \"Number of transactions in this database that have been rolled back\"\n - blks_read:\n usage: \"COUNTER\"\n description: \"Number of disk blocks read in this database\"\n - blks_hit:\n usage: \"COUNTER\"\n description: \"Number of times disk blocks were found already in the buffer cache, so that a read was not necessary (this only includes hits in the PostgreSQL buffer cache, not the operating system's file system cache)\"\n - tup_returned:\n usage: \"COUNTER\"\n description: \"Number of rows returned by queries in this database\"\n - tup_fetched:\n usage: \"COUNTER\"\n description: \"Number of rows fetched by queries in this database\"\n - tup_inserted:\n usage: \"COUNTER\"\n description: \"Number of rows inserted by queries in this database\"\n - tup_updated:\n usage: \"COUNTER\"\n description: \"Number of rows updated by queries in this database\"\n - tup_deleted:\n usage: \"COUNTER\"\n description: \"Number of rows deleted by queries in this database\"\n - conflicts:\n usage: \"COUNTER\"\n description: \"Number of queries canceled due to conflicts with recovery in this database\"\n - temp_files:\n usage: \"COUNTER\"\n description: \"Number of temporary files created by queries in this database\"\n - temp_bytes:\n usage: \"COUNTER\"\n description: \"Total amount of data written to temporary files by queries in this database\"\n - deadlocks:\n usage: \"COUNTER\"\n description: \"Number of deadlocks detected in this database\"\n - blk_read_time:\n usage: \"COUNTER\"\n description: \"Time 
spent reading data file blocks by backends in this database, in milliseconds\"\n - blk_write_time:\n usage: \"COUNTER\"\n description: \"Time spent writing data file blocks by backends in this database, in milliseconds\"\n\npg_stat_replication:\n primary: true\n query: |\n SELECT usename\n , COALESCE(application_name, '') AS application_name\n , COALESCE(client_addr::text, '') AS client_addr\n , COALESCE(client_port::text, '') AS client_port\n , EXTRACT(EPOCH FROM backend_start) AS backend_start\n , COALESCE(pg_catalog.age(backend_xmin), 0) AS backend_xmin_age\n , pg_catalog.pg_wal_lsn_diff(pg_catalog.pg_current_wal_lsn(), sent_lsn) AS sent_diff_bytes\n , pg_catalog.pg_wal_lsn_diff(pg_catalog.pg_current_wal_lsn(), write_lsn) AS write_diff_bytes\n , pg_catalog.pg_wal_lsn_diff(pg_catalog.pg_current_wal_lsn(), flush_lsn) AS flush_diff_bytes\n , COALESCE(pg_catalog.pg_wal_lsn_diff(pg_catalog.pg_current_wal_lsn(), replay_lsn),0) AS replay_diff_bytes\n , COALESCE((EXTRACT(EPOCH FROM write_lag)),0)::float AS write_lag_seconds\n , COALESCE((EXTRACT(EPOCH FROM flush_lag)),0)::float AS flush_lag_seconds\n , COALESCE((EXTRACT(EPOCH FROM replay_lag)),0)::float AS replay_lag_seconds\n FROM pg_catalog.pg_stat_replication\n metrics:\n - usename:\n usage: \"LABEL\"\n description: \"Name of the replication user\"\n - application_name:\n usage: \"LABEL\"\n description: \"Name of the application\"\n - client_addr:\n usage: \"LABEL\"\n description: \"Client IP address\"\n - client_port:\n usage: \"LABEL\"\n description: \"Client TCP port\"\n - backend_start:\n usage: \"COUNTER\"\n description: \"Time when this process was started\"\n - backend_xmin_age:\n usage: \"COUNTER\"\n description: \"The age of this standby's xmin horizon\"\n - sent_diff_bytes:\n usage: \"GAUGE\"\n description: \"Difference in bytes from the last write-ahead log location sent on this connection\"\n - write_diff_bytes:\n usage: \"GAUGE\"\n description: \"Difference in bytes from the last write-ahead log location 
written to disk by this standby server\"\n - flush_diff_bytes:\n usage: \"GAUGE\"\n description: \"Difference in bytes from the last write-ahead log location flushed to disk by this standby server\"\n - replay_diff_bytes:\n usage: \"GAUGE\"\n description: \"Difference in bytes from the last write-ahead log location replayed into the database on this standby server\"\n - write_lag_seconds:\n usage: \"GAUGE\"\n description: \"Time elapsed between flushing recent WAL locally and receiving notification that this standby server has written it\"\n - flush_lag_seconds:\n usage: \"GAUGE\"\n description: \"Time elapsed between flushing recent WAL locally and receiving notification that this standby server has written and flushed it\"\n - replay_lag_seconds:\n usage: \"GAUGE\"\n description: \"Time elapsed between flushing recent WAL locally and receiving notification that this standby server has written, flushed and applied it\"\n\npg_settings:\n query: |\n SELECT name,\n CASE setting WHEN 'on' THEN '1' WHEN 'off' THEN '0' ELSE setting END AS setting\n FROM pg_catalog.pg_settings\n WHERE vartype IN ('integer', 'real', 'bool')\n ORDER BY 1\n metrics:\n - name:\n usage: \"LABEL\"\n description: \"Name of the setting\"\n - setting:\n usage: \"GAUGE\"\n description: \"Setting value\"\n\npg_extensions:\n query: |\n SELECT\n current_database() as datname,\n name as extname,\n default_version,\n installed_version,\n CASE\n WHEN default_version = installed_version THEN 0\n ELSE 1\n END AS update_available\n FROM pg_catalog.pg_available_extensions\n WHERE installed_version IS NOT NULL\n metrics:\n - datname:\n usage: \"LABEL\"\n description: \"Name of the database\"\n - extname:\n usage: \"LABEL\"\n description: \"Extension name\"\n - default_version:\n usage: \"LABEL\"\n description: \"Default version\"\n - installed_version:\n usage: \"LABEL\"\n description: \"Installed version\"\n - update_available:\n usage: \"GAUGE\"\n description: \"An update is available\"\n 
target_databases:\n - '*'\n"` | A string representation of a YAML defining monitoring queries. | | cnpg.nameOverride | string | `""` | | | cnpg.namespaceOverride | string | `""` | | | cnpg.nodeSelector | object | `{}` | Nodeselector for the operator to be installed. | 
@@ -61,19 +61,21 @@ A Helm chart for Kubernetes | cnpg.podLabels | object | `{}` | Labels to be added to the pod. | | cnpg.podSecurityContext | object | `{"runAsNonRoot":true,"seccompProfile":{"type":"RuntimeDefault"}}` | Security Context for the whole pod. | | cnpg.priorityClassName | string | `""` | Priority indicates the importance of a Pod relative to other Pods. | -| cnpg.rbac.aggregateClusterRoles | bool | `false` | Aggregate ClusterRoles to Kubernetes default user-facing roles. Ref: https://kubernetes.io/docs/reference/access-authn-authz/rbac/ #user-facing-roles | +| cnpg.rbac.aggregateClusterRoles | bool | `false` | Aggregate ClusterRoles to Kubernetes default user-facing roles. Ref: https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles | | cnpg.rbac.create | bool | `true` | Specifies whether ClusterRole and ClusterRoleBinding should be created. | | cnpg.replicaCount | int | `1` | | | cnpg.resources | object | `{}` | | | cnpg.service.ipFamilies | list | `[]` | Sets the families that should be supported and the order in which they should be applied to ClusterIP as well. Can be IPv4 and/or IPv6. | -| cnpg.service.ipFamilyPolicy | string | `""` | Set the ip family policy to configure dual-stack see https://kubernetes.io/docs/concepts/services-networking/dual-stack/ | +| cnpg.service.ipFamilyPolicy | string | `""` | Set the ip family policy to configure dual-stack see [Configure dual-stack](https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services) | | cnpg.service.name | string | `"cnpg-webhook-service"` | DO NOT CHANGE THE SERVICE NAME as it is currently used to generate the certificate and can not be configured | | cnpg.service.port | int | `443` | | | cnpg.service.type | string | `"ClusterIP"` | | | cnpg.serviceAccount.create | bool | `true` | Specifies whether the service account should be created. | | cnpg.serviceAccount.name | string | `""` | The name of the service account to use. 
If not set and create is true, a name is generated using the fullname template. | | cnpg.tolerations | list | `[]` | Tolerations for the operator to be installed. | -| cnpg.webhook | object | `{"livenessProbe":{"initialDelaySeconds":3},"mutating":{"create":true,"failurePolicy":"Fail"},"port":9443,"readinessProbe":{"initialDelaySeconds":3},"validating":{"create":true,"failurePolicy":"Fail"}}` | The webhook configuration. | +| cnpg.topologySpreadConstraints | list | `[]` | Topology Spread Constraints for the operator to be installed. | +| cnpg.updateStrategy | object | `{}` | Update strategy for the operator. ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy For example: type: RollingUpdate rollingUpdate: maxSurge: 25% maxUnavailable: 25% | +| cnpg.webhook | object | `{"livenessProbe":{"initialDelaySeconds":3},"mutating":{"create":true,"failurePolicy":"Fail"},"port":9443,"readinessProbe":{"initialDelaySeconds":3},"startupProbe":{"failureThreshold":6,"periodSeconds":5},"validating":{"create":true,"failurePolicy":"Fail"}}` | The webhook configuration. | | databases | list | `[]` | List of CloudNativePG databases to deploy | | externalSecrets | list | `[]` | List of ExternalSecrets to deploy | | passwords | list | `[]` | List of External Secrets password generators to deploy | @@ -103,7 +105,7 @@ spec: source: repoURL: "https://edixos.github.io/ekp-helm" - targetRevision: "0.1.4" + targetRevision: "0.1.5" chart: cnpg path: '' helm: diff --git a/charts/cnpg/charts/cloudnative-pg-0.23.0.tgz b/charts/cnpg/charts/cloudnative-pg-0.23.0.tgz deleted file mode 100644 index c54d10be..00000000 Binary files a/charts/cnpg/charts/cloudnative-pg-0.23.0.tgz and /dev/null differ diff --git a/charts/cnpg/charts/cloudnative-pg-0.28.0.tgz b/charts/cnpg/charts/cloudnative-pg-0.28.0.tgz new file mode 100644 index 00000000..ab48d021 Binary files /dev/null and b/charts/cnpg/charts/cloudnative-pg-0.28.0.tgz differ 
diff --git a/charts/cnpg/values.yaml b/charts/cnpg/values.yaml index 2fabce47..a891ec6c 100644 --- a/charts/cnpg/values.yaml +++ b/charts/cnpg/values.yaml @@ -2,7 +2,8 @@ # Default values for cnpg. cnpg: # - # Copyright The CloudNativePG Contributors + # Copyright © contributors to CloudNativePG, established as + # CloudNativePG a Series of LF Projects, LLC. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -16,6 +17,8 @@ cnpg: # See the License for the specific language governing permissions and # limitations under the License. # + # SPDX-License-Identifier: Apache-2.0 + # # Default values for CloudNativePG. # This is a YAML-formatted file. # Please declare variables to be passed to your templates. @@ -36,9 +39,17 @@ cnpg: hostNetwork: false dnsPolicy: "" + # -- Update strategy for the operator. + # ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy + # For example: + # type: RollingUpdate + # rollingUpdate: + # maxSurge: 25% + # maxUnavailable: 25% + updateStrategy: {} + crds: - # -- Specifies whether the CRDs should be created when installing the - # chart. + # -- Specifies whether the CRDs should be created when installing the chart. create: true # -- The webhook configuration. @@ -54,6 +65,9 @@ cnpg: initialDelaySeconds: 3 readinessProbe: initialDelaySeconds: 3 + startupProbe: + failureThreshold: 6 + periodSeconds: 5 # Operator configuration. config: 
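Review bot: The new `startupProbe` block in the `@@ -54,6 +65,9 @@` hunk has no comment stating the startup budget it implies. With `failureThreshold: 6` and `periodSeconds: 5`, the kubelet allows about 30 seconds before it restarts the container. The `cnpg.webhook` README row in this same commit shows both webhooks with `failurePolicy: Fail`, so admission requests those webhooks cover are rejected while the operator is not serving. I would add above the key: `# Startup budget is failureThreshold * periodSeconds (30s); raise it on slow nodes to avoid restart loops.` The `webhook:` mapping starts outside the hunk.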
@@ -61,16 +75,14 @@ cnpg: create: true # -- The name of the configmap/secret to use. name: cnpg-controller-manager-config - # -- Specifies whether it should be stored in a secret, instead of a - # configmap. + # -- Specifies whether it should be stored in a secret, instead of a configmap. secret: false # -- This option determines if the operator is responsible for observing # events across the entire Kubernetes cluster or if its focus should be # narrowed down to the specific namespace within which it has been deployed. clusterWide: true # -- The content of the configmap/secret, see - # https://cloudnative-pg.io/documentation/current/ - # operator_conf/#available-options + # https://cloudnative-pg.io/documentation/current/operator_conf/#available-options # for all the available options. data: {} # INHERITED_ANNOTATIONS: categories @@ -79,7 +91,7 @@ cnpg: # -- The maximum number of concurrent reconciles. Defaults to 10. maxConcurrentReconciles: 10 - # -- Additinal arguments to be added to the operator's args list. + # -- Additional arguments to be added to the operator's args list. additionalArgs: [] # -- Array containing extra environment variables which can be templated. @@ -94,16 +106,14 @@ cnpg: # -- Specifies whether the service account should be created. create: true # -- The name of the service account to use. - # If not set and create is true, a name is generated using the fullname - # template. + # If not set and create is true, a name is generated using the fullname template. name: "" rbac: # -- Specifies whether ClusterRole and ClusterRoleBinding should be created. create: true # -- Aggregate ClusterRoles to Kubernetes default user-facing roles. - # Ref: https://kubernetes.io/docs/reference/access-authn-authz/rbac/ - # #user-facing-roles + # Ref: https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles aggregateClusterRoles: false # -- Annotations to be added to all other resources. 
@@ -127,42 +137,42 @@ cnpg: # -- Security Context for the whole pod. podSecurityContext: - # fsGroup: 2000 runAsNonRoot: true seccompProfile: type: RuntimeDefault + # fsGroup: 2000 # -- Priority indicates the importance of a Pod relative to other Pods. priorityClassName: "" service: type: ClusterIP - # -- DO NOT CHANGE THE SERVICE NAME as it is currently used to generate - # the certificate and can not be configured + # -- DO NOT CHANGE THE SERVICE NAME as it is currently used to generate the certificate + # and can not be configured name: cnpg-webhook-service port: 443 - # -- Set the ip family policy to configure dual-stack see - # https://kubernetes.io/docs/concepts/services-networking/dual-stack/ + # -- Set the ip family policy to configure dual-stack see [Configure dual-stack](https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services) ipFamilyPolicy: "" - # -- Sets the families that should be supported and the order in which - # they should be applied to ClusterIP as well. Can be IPv4 and/or IPv6. + # -- Sets the families that should be supported and the order in which they should be applied to ClusterIP as well. Can be IPv4 and/or IPv6. ipFamilies: [] resources: {} - # If you want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after - # 'resources:'. - # - # limits: - # cpu: 100m - # memory: 200Mi - # requests: - # cpu: 100m - # memory: 100Mi + # If you want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # + # limits: + # cpu: 100m + # memory: 200Mi + # requests: + # cpu: 100m + # memory: 100Mi # -- Nodeselector for the operator to be installed. nodeSelector: {} + # -- Topology Spread Constraints for the operator to be installed. + topologySpreadConstraints: [] + # -- Tolerations for the operator to be installed. tolerations: [] 
@@ -170,8 +180,8 @@ cnpg: affinity: {} monitoring: - # -- Specifies whether the monitoring should be enabled. Requires Prometheus - # Operator CRDs. + + # -- Specifies whether the monitoring should be enabled. Requires Prometheus Operator CRDs. podMonitorEnabled: false # -- Metrics relabel configurations to apply to samples before ingestion. podMonitorMetricRelabelings: [] @@ -182,16 +192,13 @@ cnpg: grafanaDashboard: create: false - # -- Allows overriding the namespace where the ConfigMap will be created, - # defaulting to the same one as the Release. + # -- Allows overriding the namespace where the ConfigMap will be created, defaulting to the same one as the Release. namespace: "" # -- The name of the ConfigMap containing the dashboard. configMapName: "cnpg-grafana-dashboard" - # -- Label that ConfigMaps should have to be loaded as dashboards. - # DEPRECATED: Use labels instead. + # -- Label that ConfigMaps should have to be loaded as dashboards. DEPRECATED: Use labels instead. sidecarLabel: "grafana_dashboard" - # -- Label value that ConfigMaps should have to be loaded as dashboards. - # DEPRECATED: Use labels instead. + # -- Label value that ConfigMaps should have to be loaded as dashboards. DEPRECATED: Use labels instead. sidecarLabelValue: "1" # -- Labels that ConfigMaps should have to get configured in Grafana. labels: {} 
@@ -206,31 +213,30 @@ cnpg: queries: | backends: query: | - SELECT sa.datname - , sa.usename - , sa.application_name - , states.state - , COALESCE(sa.count, 0) AS total - , COALESCE(sa.max_tx_secs, 0) AS max_tx_duration_seconds - FROM ( VALUES ('active') - , ('idle') - , ('idle in transaction') - , ('idle in transaction (aborted)') - , ('fastpath function call') - , ('disabled') - ) AS states(state) - LEFT JOIN ( - SELECT datname - , state - , usename - , COALESCE(application_name, '') AS application_name - , COUNT(*) - , COALESCE(EXTRACT (EPOCH FROM (max(now() - xact_start))), - 0) AS max_tx_secs - FROM pg_catalog.pg_stat_activity - GROUP BY datname, state, usename, application_name - ) sa ON states.state = sa.state - WHERE sa.usename IS NOT NULL + SELECT sa.datname + , sa.usename + , sa.application_name + , states.state + , COALESCE(sa.count, 0) AS total + , COALESCE(sa.max_tx_secs, 0) AS max_tx_duration_seconds + FROM ( VALUES ('active') + , ('idle') + , ('idle in transaction') + , ('idle in transaction (aborted)') + , ('fastpath function call') + , ('disabled') + ) AS states(state) + LEFT JOIN ( + SELECT datname + , state + , usename + , COALESCE(application_name, '') AS application_name + , COUNT(*) + , COALESCE(EXTRACT (EPOCH FROM (max(now() - xact_start))), 0) AS max_tx_secs + FROM pg_catalog.pg_stat_activity + GROUP BY datname, state, usename, application_name + ) sa ON states.state = sa.state + WHERE sa.usename IS NOT NULL metrics: - datname: usage: "LABEL" 
@@ -249,40 +255,30 @@ cnpg: description: "Number of backends" - max_tx_duration_seconds: usage: "GAUGE" - description: >- - Maximum duration of a transaction in seconds + description: "Maximum duration of a transaction in seconds" backends_waiting: query: | - SELECT count(*) AS total - FROM pg_catalog.pg_locks blocked_locks - JOIN pg_catalog.pg_locks blocking_locks - ON blocking_locks.locktype = blocked_locks.locktype - AND blocking_locks.database IS NOT DISTINCT FROM - blocked_locks.database - AND blocking_locks.relation IS NOT DISTINCT FROM - blocked_locks.relation - AND blocking_locks.page IS NOT DISTINCT FROM blocked_locks.page - AND blocking_locks.tuple IS NOT DISTINCT FROM blocked_locks.tuple - AND blocking_locks.virtualxid IS NOT DISTINCT FROM - blocked_locks.virtualxid - AND blocking_locks.transactionid IS NOT DISTINCT FROM - blocked_locks.transactionid - AND blocking_locks.classid IS NOT DISTINCT FROM - blocked_locks.classid - AND blocking_locks.objid IS NOT DISTINCT FROM blocked_locks.objid - AND blocking_locks.objsubid IS NOT DISTINCT FROM - blocked_locks.objsubid - AND blocking_locks.pid != blocked_locks.pid - JOIN pg_catalog.pg_stat_activity blocking_activity - ON blocking_activity.pid = blocking_locks.pid - WHERE NOT blocked_locks.granted + SELECT count(*) AS total + FROM pg_catalog.pg_locks blocked_locks + JOIN pg_catalog.pg_locks blocking_locks + ON blocking_locks.locktype = blocked_locks.locktype + AND blocking_locks.database IS NOT DISTINCT FROM blocked_locks.database + AND blocking_locks.relation IS NOT DISTINCT FROM blocked_locks.relation + AND blocking_locks.page IS NOT DISTINCT FROM blocked_locks.page + AND blocking_locks.tuple IS NOT DISTINCT FROM blocked_locks.tuple + AND blocking_locks.virtualxid IS NOT DISTINCT FROM blocked_locks.virtualxid + AND blocking_locks.transactionid IS NOT DISTINCT FROM blocked_locks.transactionid + AND blocking_locks.classid IS NOT DISTINCT FROM blocked_locks.classid + AND blocking_locks.objid IS NOT DISTINCT 
FROM blocked_locks.objid + AND blocking_locks.objsubid IS NOT DISTINCT FROM blocked_locks.objsubid + AND blocking_locks.pid != blocked_locks.pid + JOIN pg_catalog.pg_stat_activity blocking_activity ON blocking_activity.pid = blocking_locks.pid + WHERE NOT blocked_locks.granted metrics: - total: usage: "GAUGE" - description: >- - Total number of backends that are currently waiting on other - queries + description: "Total number of backends that are currently waiting on other queries" pg_database: query: | @@ -301,13 +297,10 @@ cnpg: description: "Disk space used by the database" - xid_age: usage: "GAUGE" - description: >- - Number of transactions from the frozen XID to the current one + description: "Number of transactions from the frozen XID to the current one" - mxid_age: usage: "GAUGE" - description: >- - Number of multiple transactions (Multixact) from the frozen XID - to the current one + description: "Number of multiple transactions (Multixact) from the frozen XID to the current one" pg_postmaster: query: | 
@@ -319,20 +312,17 @@ cnpg: description: "Time at which postgres started (based on epoch)" pg_replication: - query: >- + query: | SELECT CASE WHEN ( - NOT pg_catalog.pg_is_in_recovery() - OR pg_catalog.pg_last_wal_receive_lsn() = - pg_catalog.pg_last_wal_replay_lsn()) - THEN 0 - ELSE GREATEST (0, - EXTRACT(EPOCH FROM (now() - - pg_catalog.pg_last_xact_replay_timestamp()))) - END AS lag, - pg_catalog.pg_is_in_recovery() AS in_recovery, - EXISTS (TABLE pg_stat_wal_receiver) AS is_wal_receiver_up, - (SELECT count(*) FROM pg_catalog.pg_stat_replication) - AS streaming_replicas + NOT pg_catalog.pg_is_in_recovery() + OR pg_catalog.pg_last_wal_receive_lsn() = pg_catalog.pg_last_wal_replay_lsn()) + THEN 0 + ELSE GREATEST (0, + EXTRACT(EPOCH FROM (now() - pg_catalog.pg_last_xact_replay_timestamp()))) + END AS lag, + pg_catalog.pg_is_in_recovery() AS in_recovery, + EXISTS (TABLE pg_stat_wal_receiver) AS is_wal_receiver_up, + (SELECT count(*) FROM pg_catalog.pg_stat_replication) AS streaming_replicas metrics: - lag: usage: "GAUGE" @@ -345,8 +335,7 @@ cnpg: description: "Whether the instance wal_receiver is up" - streaming_replicas: usage: "GAUGE" - description: >- - Number of streaming replicas connected to the instance + description: "Number of streaming replicas connected to the instance" pg_replication_slots: query: | @@ -355,10 +344,8 @@ cnpg: database, active, (CASE pg_catalog.pg_is_in_recovery() - WHEN TRUE THEN pg_catalog.pg_wal_lsn_diff( - pg_catalog.pg_last_wal_receive_lsn(), restart_lsn) - ELSE pg_catalog.pg_wal_lsn_diff( - pg_catalog.pg_current_wal_lsn(), restart_lsn) + WHEN TRUE THEN pg_catalog.pg_wal_lsn_diff(pg_catalog.pg_last_wal_receive_lsn(), restart_lsn) + ELSE pg_catalog.pg_wal_lsn_diff(pg_catalog.pg_current_wal_lsn(), restart_lsn) END) as pg_wal_lsn_diff FROM pg_catalog.pg_replication_slots WHERE NOT temporary 
@@ -383,49 +370,36 @@ cnpg: query: | SELECT archived_count , failed_count - , COALESCE(EXTRACT(EPOCH FROM (now() - last_archived_time)), -1) - AS seconds_since_last_archival - , COALESCE(EXTRACT(EPOCH FROM (now() - last_failed_time)), -1) - AS seconds_since_last_failure - , COALESCE(EXTRACT(EPOCH FROM last_archived_time), -1) - AS last_archived_time - , COALESCE(EXTRACT(EPOCH FROM last_failed_time), -1) - AS last_failed_time - , COALESCE(CAST(CAST('x'||pg_catalog.right( - pg_catalog.split_part(last_archived_wal, '.', 1), 16) - AS pg_catalog.bit(64)) AS pg_catalog.int8), -1) - AS last_archived_wal_start_lsn - , COALESCE(CAST(CAST('x'||pg_catalog.right( - pg_catalog.split_part(last_failed_wal, '.', 1), 16) - AS pg_catalog.bit(64)) AS pg_catalog.int8), -1) - AS last_failed_wal_start_lsn + , COALESCE(EXTRACT(EPOCH FROM (now() - last_archived_time)), -1) AS seconds_since_last_archival + , COALESCE(EXTRACT(EPOCH FROM (now() - last_failed_time)), -1) AS seconds_since_last_failure + , COALESCE(EXTRACT(EPOCH FROM last_archived_time), -1) AS last_archived_time + , COALESCE(EXTRACT(EPOCH FROM last_failed_time), -1) AS last_failed_time + , COALESCE(CAST(CAST('x'||pg_catalog.right(pg_catalog.split_part(last_archived_wal, '.', 1), 16) AS pg_catalog.bit(64)) AS pg_catalog.int8), -1) AS last_archived_wal_start_lsn + , COALESCE(CAST(CAST('x'||pg_catalog.right(pg_catalog.split_part(last_failed_wal, '.', 1), 16) AS pg_catalog.bit(64)) AS pg_catalog.int8), -1) AS last_failed_wal_start_lsn , EXTRACT(EPOCH FROM stats_reset) AS stats_reset_time FROM pg_catalog.pg_stat_archiver + predicate_query: | + SELECT NOT pg_catalog.pg_is_in_recovery() + OR pg_catalog.current_setting('archive_mode') = 'always' metrics: - archived_count: usage: "COUNTER" - description: >- - Number of WAL files that have been successfully archived + description: "Number of WAL files that have been successfully archived" - failed_count: usage: "COUNTER" - description: >- - Number of failed attempts for archiving WAL 
files + description: "Number of failed attempts for archiving WAL files" - seconds_since_last_archival: usage: "GAUGE" - description: >- - Seconds since the last successful archival operation + description: "Seconds since the last successful archival operation" - seconds_since_last_failure: usage: "GAUGE" - description: >- - Seconds since the last failed archival operation + description: "Seconds since the last failed archival operation" - last_archived_time: usage: "GAUGE" - description: >- - Epoch of the last time WAL archiving succeeded + description: "Epoch of the last time WAL archiving succeeded" - last_failed_time: usage: "GAUGE" - description: >- - Epoch of the last time WAL archiving failed + description: "Epoch of the last time WAL archiving failed" - last_archived_wal_start_lsn: usage: "GAUGE" description: "Archived WAL start LSN" @@ -434,8 +408,7 @@ cnpg: description: "Last failed WAL LSN" - stats_reset_time: usage: "GAUGE" - description: >- - Time at which these statistics were last reset + description: "Time at which these statistics were last reset" pg_stat_bgwriter: runonserver: "<17.0.0" 
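Review bot: The `predicate_query` added to `pg_stat_archiver` in the `@@ -383,49 +370,36 @@` hunk changes which instances export these metrics, and nothing in the file says so. As I read it, the collection is skipped wherever the predicate is false, that is on replicas whose `archive_mode` is not `always`, so the `pg_stat_archiver` series presumably disappear there instead of reporting `-1`. Alert rules on `failed_count` or `seconds_since_last_archival` that match every instance should be checked for how they treat a missing series. I would add above the key: `# Collected only on the primary, or on replicas with archive_mode = 'always'; other instances export no pg_stat_archiver series.` The `queries: |` block scalar that holds this definition starts outside the hunk.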
@@ -454,51 +427,34 @@ cnpg: metrics: - checkpoints_timed: usage: "COUNTER" - description: >- - Number of scheduled checkpoints that have been performed + description: "Number of scheduled checkpoints that have been performed" - checkpoints_req: usage: "COUNTER" - description: >- - Number of requested checkpoints that have been performed + description: "Number of requested checkpoints that have been performed" - checkpoint_write_time: usage: "COUNTER" - description: >- - Total amount of time that has been spent in the portion of - checkpoint processing where files are written to disk, in - milliseconds + description: "Total amount of time that has been spent in the portion of checkpoint processing where files are written to disk, in milliseconds" - checkpoint_sync_time: usage: "COUNTER" - description: >- - Total amount of time that has been spent in the portion of - checkpoint processing where files are synchronized to disk, in - milliseconds + description: "Total amount of time that has been spent in the portion of checkpoint processing where files are synchronized to disk, in milliseconds" - buffers_checkpoint: usage: "COUNTER" - description: >- - Number of buffers written during checkpoints + description: "Number of buffers written during checkpoints" - buffers_clean: usage: "COUNTER" - description: >- - Number of buffers written by the background writer + description: "Number of buffers written by the background writer" - maxwritten_clean: usage: "COUNTER" - description: >- - Number of times the background writer stopped a cleaning scan - because it had written too many buffers + description: "Number of times the background writer stopped a cleaning scan because it had written too many buffers" - buffers_backend: usage: "COUNTER" - description: >- - Number of buffers written directly by a backend + description: "Number of buffers written directly by a backend" - buffers_backend_fsync: usage: "COUNTER" - description: >- - Number of times a backend had to execute 
its own fsync call - (normally the background writer handles those even when the - backend does its own write) + description: "Number of times a backend had to execute its own fsync call (normally the background writer handles those even when the backend does its own write)" - buffers_alloc: usage: "COUNTER" - description: >- - Number of buffers allocated + description: "Number of buffers allocated" pg_stat_bgwriter_17: runonserver: ">=17.0.0" @@ -512,21 +468,16 @@ cnpg: metrics: - buffers_clean: usage: "COUNTER" - description: >- - Number of buffers written by the background writer + description: "Number of buffers written by the background writer" - maxwritten_clean: usage: "COUNTER" - description: >- - Number of times the background writer stopped a cleaning scan - because it had written too many buffers + description: "Number of times the background writer stopped a cleaning scan because it had written too many buffers" - buffers_alloc: usage: "COUNTER" - description: >- - Number of buffers allocated + description: "Number of buffers allocated" - stats_reset_time: usage: "GAUGE" - description: >- - Time at which these statistics were last reset + description: "Time at which these statistics were last reset" pg_stat_checkpointer: runonserver: ">=17.0.0" 
@@ -544,45 +495,31 @@ cnpg: metrics: - checkpoints_timed: usage: "COUNTER" - description: >- - Number of scheduled checkpoints that have been performed + description: "Number of scheduled checkpoints that have been performed" - checkpoints_req: usage: "COUNTER" - description: >- - Number of requested checkpoints that have been performed + description: "Number of requested checkpoints that have been performed" - restartpoints_timed: usage: "COUNTER" - description: >- - Number of scheduled restartpoints due to timeout or after a - failed attempt to perform it + description: "Number of scheduled restartpoints due to timeout or after a failed attempt to perform it" - restartpoints_req: usage: "COUNTER" - description: >- - Number of requested restartpoints that have been performed + description: "Number of requested restartpoints that have been performed" - restartpoints_done: usage: "COUNTER" - description: >- - Number of restartpoints that have been performed + description: "Number of restartpoints that have been performed" - write_time: usage: "COUNTER" - description: >- - Total amount of time that has been spent in the portion of - processing checkpoints and restartpoints where files are written - to disk, in milliseconds + description: "Total amount of time that has been spent in the portion of processing checkpoints and restartpoints where files are written to disk, in milliseconds" - sync_time: usage: "COUNTER" - description: >- - Total amount of time that has been spent in the portion of - processing checkpoints and restartpoints where files are - synchronized to disk, in milliseconds + description: "Total amount of time that has been spent in the portion of processing checkpoints and restartpoints where files are synchronized to disk, in milliseconds" - buffers_written: usage: "COUNTER" - description: >- - Number of buffers written during checkpoints and restartpoints + description: "Number of buffers written during checkpoints and restartpoints" - 
stats_reset_time: usage: "GAUGE" - description: >- - Time at which these statistics were last reset + description: "Time at which these statistics were last reset" pg_stat_database: query: | 
@@ -609,98 +546,67 @@ cnpg: description: "Name of this database" - xact_commit: usage: "COUNTER" - description: >- - Number of transactions in this database that have been committed + description: "Number of transactions in this database that have been committed" - xact_rollback: usage: "COUNTER" - description: >- - Number of transactions in this database that have been rolled - back + description: "Number of transactions in this database that have been rolled back" - blks_read: usage: "COUNTER" - description: >- - Number of disk blocks read in this database + description: "Number of disk blocks read in this database" - blks_hit: usage: "COUNTER" - description: >- - Number of times disk blocks were found already in the buffer - cache, so that a read was not necessary (this only includes hits - in the PostgreSQL buffer cache, not the operating system's file - system cache) + description: "Number of times disk blocks were found already in the buffer cache, so that a read was not necessary (this only includes hits in the PostgreSQL buffer cache, not the operating system's file system cache)" - tup_returned: usage: "COUNTER" - description: >- - Number of rows returned by queries in this database + description: "Number of rows returned by queries in this database" - tup_fetched: usage: "COUNTER" - description: >- - Number of rows fetched by queries in this database + description: "Number of rows fetched by queries in this database" - tup_inserted: usage: "COUNTER" - description: >- - Number of rows inserted by queries in this database + description: "Number of rows inserted by queries in this database" - tup_updated: usage: "COUNTER" - description: >- - Number of rows updated by queries in this database + description: "Number of rows updated by queries in this database" - tup_deleted: usage: "COUNTER" - description: >- - Number of rows deleted by queries in this database + description: "Number of rows deleted by queries in this database" - conflicts: usage: "COUNTER" - 
description: >- - Number of queries canceled due to conflicts with recovery in - this database + description: "Number of queries canceled due to conflicts with recovery in this database" - temp_files: usage: "COUNTER" - description: >- - Number of temporary files created by queries in this database + description: "Number of temporary files created by queries in this database" - temp_bytes: usage: "COUNTER" - description: >- - Total amount of data written to temporary files by queries in - this database + description: "Total amount of data written to temporary files by queries in this database" - deadlocks: usage: "COUNTER" - description: >- - Number of deadlocks detected in this database + description: "Number of deadlocks detected in this database" - blk_read_time: usage: "COUNTER" - description: >- - Time spent reading data file blocks by backends in this - database, in milliseconds + description: "Time spent reading data file blocks by backends in this database, in milliseconds" - blk_write_time: usage: "COUNTER" - description: >- - Time spent writing data file blocks by backends in this - database, in milliseconds + description: "Time spent writing data file blocks by backends in this database, in milliseconds" pg_stat_replication: primary: true query: | - SELECT usename - , COALESCE(application_name, '') AS application_name - , COALESCE(client_addr::text, '') AS client_addr - , COALESCE(client_port::text, '') AS client_port - , EXTRACT(EPOCH FROM backend_start) AS backend_start - , COALESCE(pg_catalog.age(backend_xmin), 0) AS backend_xmin_age - , pg_catalog.pg_wal_lsn_diff(pg_catalog.pg_current_wal_lsn(), - sent_lsn) AS sent_diff_bytes - , pg_catalog.pg_wal_lsn_diff(pg_catalog.pg_current_wal_lsn(), - write_lsn) AS write_diff_bytes - , pg_catalog.pg_wal_lsn_diff(pg_catalog.pg_current_wal_lsn(), - flush_lsn) AS flush_diff_bytes - , COALESCE(pg_catalog.pg_wal_lsn_diff( - pg_catalog.pg_current_wal_lsn(), replay_lsn),0) - AS replay_diff_bytes - , 
COALESCE((EXTRACT(EPOCH FROM write_lag)),0)::float - AS write_lag_seconds - , COALESCE((EXTRACT(EPOCH FROM flush_lag)),0)::float - AS flush_lag_seconds - , COALESCE((EXTRACT(EPOCH FROM replay_lag)),0)::float - AS replay_lag_seconds - FROM pg_catalog.pg_stat_replication + SELECT usename + , COALESCE(application_name, '') AS application_name + , COALESCE(client_addr::text, '') AS client_addr + , COALESCE(client_port::text, '') AS client_port + , EXTRACT(EPOCH FROM backend_start) AS backend_start + , COALESCE(pg_catalog.age(backend_xmin), 0) AS backend_xmin_age + , pg_catalog.pg_wal_lsn_diff(pg_catalog.pg_current_wal_lsn(), sent_lsn) AS sent_diff_bytes + , pg_catalog.pg_wal_lsn_diff(pg_catalog.pg_current_wal_lsn(), write_lsn) AS write_diff_bytes + , pg_catalog.pg_wal_lsn_diff(pg_catalog.pg_current_wal_lsn(), flush_lsn) AS flush_diff_bytes + , COALESCE(pg_catalog.pg_wal_lsn_diff(pg_catalog.pg_current_wal_lsn(), replay_lsn),0) AS replay_diff_bytes + , COALESCE((EXTRACT(EPOCH FROM write_lag)),0)::float AS write_lag_seconds + , COALESCE((EXTRACT(EPOCH FROM flush_lag)),0)::float AS flush_lag_seconds + , COALESCE((EXTRACT(EPOCH FROM replay_lag)),0)::float AS replay_lag_seconds + FROM pg_catalog.pg_stat_replication metrics: - usename: usage: "LABEL" 
@@ -722,46 +628,30 @@ cnpg: description: "The age of this standby's xmin horizon" - sent_diff_bytes: usage: "GAUGE" - description: >- - Difference in bytes from the last write-ahead log location sent - on this connection + description: "Difference in bytes from the last write-ahead log location sent on this connection" - write_diff_bytes: usage: "GAUGE" - description: >- - Difference in bytes from the last write-ahead log location - written to disk by this standby server + description: "Difference in bytes from the last write-ahead log location written to disk by this standby server" - flush_diff_bytes: usage: "GAUGE" - description: >- - Difference in bytes from the last write-ahead log location - flushed to disk by this standby server + description: "Difference in bytes from the last write-ahead log location flushed to disk by this standby server" - replay_diff_bytes: usage: "GAUGE" - description: >- - Difference in bytes from the last write-ahead log location - replayed into the database on this standby server + description: "Difference in bytes from the last write-ahead log location replayed into the database on this standby server" - write_lag_seconds: usage: "GAUGE" - description: >- - Time elapsed between flushing recent WAL locally and receiving - notification that this standby server has written it + description: "Time elapsed between flushing recent WAL locally and receiving notification that this standby server has written it" - flush_lag_seconds: usage: "GAUGE" - description: >- - Time elapsed between flushing recent WAL locally and receiving - notification that this standby server has written and flushed it + description: "Time elapsed between flushing recent WAL locally and receiving notification that this standby server has written and flushed it" - replay_lag_seconds: usage: "GAUGE" - description: >- - Time elapsed between flushing recent WAL locally and receiving - notification that this standby server has written, flushed and - applied it + 
description: "Time elapsed between flushing recent WAL locally and receiving notification that this standby server has written, flushed and applied it" pg_settings: query: | SELECT name, - CASE setting WHEN 'on' THEN '1' WHEN 'off' THEN '0' ELSE setting END - AS setting + CASE setting WHEN 'on' THEN '1' WHEN 'off' THEN '0' ELSE setting END AS setting FROM pg_catalog.pg_settings WHERE vartype IN ('integer', 'real', 'bool') ORDER BY 1 @@ -773,6 +663,37 @@ cnpg: usage: "GAUGE" description: "Setting value" + pg_extensions: + query: | + SELECT + current_database() as datname, + name as extname, + default_version, + installed_version, + CASE + WHEN default_version = installed_version THEN 0 + ELSE 1 + END AS update_available + FROM pg_catalog.pg_available_extensions + WHERE installed_version IS NOT NULL + metrics: + - datname: + usage: "LABEL" + description: "Name of the database" + - extname: + usage: "LABEL" + description: "Extension name" + - default_version: + usage: "LABEL" + description: "Default version" + - installed_version: + usage: "LABEL" + description: "Installed version" + - update_available: + usage: "GAUGE" + description: "An update is available" + target_databases: + - '*' # -- List of CloudNativePG databases to deploy databases: [] diff --git a/charts/envoy-gateway/Chart.lock b/charts/envoy-gateway/Chart.lock index 3ed1fb86..62e7e208 100644 --- a/charts/envoy-gateway/Chart.lock +++ b/charts/envoy-gateway/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: gateway-helm repository: oci://docker.io/envoyproxy - version: 1.7.1 -digest: sha256:22f2b7feb032b98c52190609e9ec5eefa1e69e86aab01091e0ac22c94a487c21 -generated: "2026-03-18T10:56:06.721494552Z" + version: 1.7.2 +digest: sha256:9f5fcdc0bb03dc52b634d13b304b3b89bf4439abfb3d62b7e6b13e55b0c9db48 +generated: "2026-04-22T11:09:37.352496207Z" diff --git a/charts/envoy-gateway/Chart.yaml b/charts/envoy-gateway/Chart.yaml index 3f83afe6..2cd7d6ad 100644 --- a/charts/envoy-gateway/Chart.yaml 
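Review bot: The new `pg_extensions` query calls `current_database()` unqualified, while the other queries on this page qualify their calls (`pg_catalog.pg_wal_lsn_diff`, `pg_catalog.age`). Because `target_databases: ['*']` runs it in every database, including ones whose schemas other roles can write to, it is worth keeping the same convention: `pg_catalog.current_database() AS datname,`. The block also exports `default_version` and `installed_version` as labels, so each extension upgrade starts a new series, and installed extension versions become readable by anything that can scrape the exporter. A comment above the block would record that, e.g. `# Runs in every database ('*'); exports extension versions as labels, so keep the metrics endpoint limited to the scraper.` The enclosing `cnpg:` mapping starts outside the hunk.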
+++ b/charts/envoy-gateway/Chart.yaml @@ -2,14 +2,14 @@ apiVersion: v2 name: envoy-gateway description: Helm chart to deploy Envoy Gateway on Kubernetes type: application -version: 0.1.4 -appVersion: "v1.7.1" +version: 0.1.5 +appVersion: "v1.7.2" maintainers: - name: hamzatalbi email: hamzatalbi831@gmail.com url: https://github.com/TalbiHamza dependencies: - name: gateway-helm - version: 1.7.1 + version: 1.7.2 repository: "oci://docker.io/envoyproxy" alias: envoy-gateway diff --git a/charts/envoy-gateway/README.md b/charts/envoy-gateway/README.md index 84c82f93..aab74931 100644 --- a/charts/envoy-gateway/README.md +++ b/charts/envoy-gateway/README.md @@ -1,6 +1,6 @@ # envoy-gateway -![Version: 0.1.4](https://img.shields.io/badge/Version-0.1.4-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v1.7.1](https://img.shields.io/badge/AppVersion-v1.7.1-informational?style=flat-square) +![Version: 0.1.5](https://img.shields.io/badge/Version-0.1.5-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v1.7.2](https://img.shields.io/badge/AppVersion-v1.7.2-informational?style=flat-square) ## Prerequisites @@ -11,7 +11,7 @@ | Repository | Name | Version | |------------|------|---------| -| oci://docker.io/envoyproxy | envoy-gateway(gateway-helm) | 1.7.1 | +| oci://docker.io/envoyproxy | envoy-gateway(gateway-helm) | 1.7.2 | ## Maintainers 
@@ -70,10 +70,10 @@ Helm chart to deploy Envoy Gateway on Kubernetes | envoy-gateway.deployment.replicas | int | `1` | | | envoy-gateway.global.imagePullSecrets | list | `[]` | Global override for image pull secrets | | envoy-gateway.global.imageRegistry | string | `""` | Global override for image registry | -| envoy-gateway.global.images.envoyGateway.image | string | `"docker.io/envoyproxy/gateway:v1.7.1"` | | +| envoy-gateway.global.images.envoyGateway.image | string | `"docker.io/envoyproxy/gateway:v1.7.2"` | | | envoy-gateway.global.images.envoyGateway.pullPolicy | string | `"IfNotPresent"` | | | envoy-gateway.global.images.envoyGateway.pullSecrets | list | `[]` | | -| envoy-gateway.global.images.ratelimit.image | string | `"docker.io/envoyproxy/ratelimit:c8765e89"` | | +| envoy-gateway.global.images.ratelimit.image | string | `"docker.io/envoyproxy/ratelimit:05c08d03"` | | | envoy-gateway.global.images.ratelimit.pullPolicy | string | `"IfNotPresent"` | | | envoy-gateway.global.images.ratelimit.pullSecrets | list | `[]` | | | envoy-gateway.hpa.behavior | object | `{}` | | @@ -138,7 +138,7 @@ spec: source: repoURL: "https://edixos.github.io/ekp-helm" - targetRevision: "0.1.4" + targetRevision: "0.1.5" chart: envoy-gateway path: '' helm: diff --git a/charts/envoy-gateway/charts/gateway-helm-1.7.1.tgz b/charts/envoy-gateway/charts/gateway-helm-1.7.1.tgz deleted file mode 100644 index 860f377d..00000000 Binary files a/charts/envoy-gateway/charts/gateway-helm-1.7.1.tgz and /dev/null differ diff --git a/charts/envoy-gateway/charts/gateway-helm-1.7.2.tgz b/charts/envoy-gateway/charts/gateway-helm-1.7.2.tgz new file mode 100644 index 00000000..a5a24ae5 Binary files /dev/null and b/charts/envoy-gateway/charts/gateway-helm-1.7.2.tgz differ diff --git a/charts/envoy-gateway/values.yaml b/charts/envoy-gateway/values.yaml index a52e909a..8b9a7bbc 100644 --- a/charts/envoy-gateway/values.yaml +++ b/charts/envoy-gateway/values.yaml 
@@ -66,7 +66,7 @@ envoy-gateway: images: envoyGateway: # This is the full image name including the hub, repo, and tag. - image: docker.io/envoyproxy/gateway:v1.7.1 + image: docker.io/envoyproxy/gateway:v1.7.2 # Specify image pull policy if default behavior isn't desired. # Default behavior: latest images will be Always else IfNotPresent. pullPolicy: IfNotPresent @@ -74,7 +74,7 @@ envoy-gateway: pullSecrets: [] ratelimit: # This is the full image name including the hub, repo, and tag. - image: "docker.io/envoyproxy/ratelimit:c8765e89" + image: "docker.io/envoyproxy/ratelimit:05c08d03" # Specify image pull policy if default behavior isn't desired. # Default behavior: latest images will be Always else IfNotPresent. pullPolicy: IfNotPresent @@ -200,7 +200,6 @@ envoy-gateway: topologyInjector: enabled: true annotations: {} - gatewayClass: enabled: true name: envoy-gateway diff --git a/charts/eso/Chart.lock b/charts/eso/Chart.lock index c7eecbb4..1651f286 100644 --- a/charts/eso/Chart.lock +++ b/charts/eso/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: external-secrets repository: https://charts.external-secrets.io - version: 2.2.0 -digest: sha256:25b4be977fdc38f787adf140fb01ff3afebb908a388c1a6f3c39258388a9823b -generated: "2026-03-25T10:52:48.247216804Z" + version: 2.3.0 +digest: sha256:70c91e99b7f523ef6f6bd0a71e13f4008c802d51779d069a0d4fb5dc4b5b87bb +generated: "2026-04-22T11:09:48.456052715Z" diff --git a/charts/eso/Chart.yaml b/charts/eso/Chart.yaml index 0ecf5245..1f11be58 100644 --- a/charts/eso/Chart.yaml +++ b/charts/eso/Chart.yaml @@ -2,11 +2,11 @@ apiVersion: v2 name: eso description: A Helm chart ESO for Kubernetes type: application -version: 0.2.1 -appVersion: "v2.2.0" +version: 0.2.2 +appVersion: "v2.3.0" dependencies: - name: external-secrets - version: 2.2.0 + version: 2.3.0 repository: https://charts.external-secrets.io alias: eso maintainers: diff --git a/charts/eso/README.md b/charts/eso/README.md index 63485e16..770d6595 100644 
--- a/charts/eso/README.md +++ b/charts/eso/README.md @@ -1,6 +1,6 @@ # eso -![Version: 0.2.1](https://img.shields.io/badge/Version-0.2.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v2.2.0](https://img.shields.io/badge/AppVersion-v2.2.0-informational?style=flat-square) +![Version: 0.2.2](https://img.shields.io/badge/Version-0.2.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v2.3.0](https://img.shields.io/badge/AppVersion-v2.3.0-informational?style=flat-square) ## Prerequisites @@ -11,7 +11,7 @@ | Repository | Name | Version | |------------|------|---------| -| https://charts.external-secrets.io | eso(external-secrets) | 2.2.0 | +| https://charts.external-secrets.io | eso(external-secrets) | 2.3.0 | ## Maintainers @@ -221,6 +221,9 @@ A Helm chart ESO for Kubernetes | eso.systemAuthDelegator | bool | `false` | If true the system:auth-delegator ClusterRole will be added to RBAC | | eso.tolerations | list | `[]` | | | eso.topologySpreadConstraints | list | `[]` | | +| eso.vault | object | `{"enableTokenCache":false,"tokenCacheSize":262144}` | Vault token cache configuration | +| eso.vault.enableTokenCache | bool | `false` | Enable Vault token cache. External secrets will reuse the Vault token without creating a new one on each request. | +| eso.vault.tokenCacheSize | int | `262144` | Maximum size of Vault token cache. Only used if enableTokenCache is true. | | eso.webhook.affinity | object | `{}` | | | eso.webhook.annotations | object | `{}` | Annotations to place on validating webhook configuration. | | eso.webhook.certCheckInterval | string | `"5m"` | Specifies the time to check if the cert is valid | @@ -322,7 +325,7 @@ spec: source: repoURL: "https://edixos.github.io/ekp-helm" - targetRevision: "0.2.1" + targetRevision: "0.2.2" chart: eso path: '' 
diff --git a/charts/eso/charts/external-secrets-2.2.0.tgz b/charts/eso/charts/external-secrets-2.2.0.tgz deleted file mode 100644 index fa06c4fe..00000000 Binary files a/charts/eso/charts/external-secrets-2.2.0.tgz and /dev/null differ diff --git a/charts/eso/charts/external-secrets-2.3.0.tgz b/charts/eso/charts/external-secrets-2.3.0.tgz new file mode 100644 index 00000000..5f0c0f58 Binary files /dev/null and b/charts/eso/charts/external-secrets-2.3.0.tgz differ diff --git a/charts/eso/values.yaml b/charts/eso/values.yaml index b1a99903..3f48ae68 100644 --- a/charts/eso/values.yaml +++ b/charts/eso/values.yaml @@ -170,6 +170,13 @@ eso: # -- if true, HTTP2 will be enabled for the services created by all controllers, curently metrics and webhook. enableHTTP2: false + # -- Vault token cache configuration + vault: + # -- Enable Vault token cache. External secrets will reuse the Vault token without creating a new one on each request. + enableTokenCache: false + # -- Maximum size of Vault token cache. Only used if enableTokenCache is true. + tokenCacheSize: 262144 + # -- Specifies the number of concurrent ExternalSecret Reconciles external-secret executes at # a time. concurrent: 1 diff --git a/charts/hydra/Chart.lock b/charts/hydra/Chart.lock index ec246b75..0c1ad63a 100644 --- a/charts/hydra/Chart.lock +++ b/charts/hydra/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: hydra repository: https://k8s.ory.sh/helm/charts - version: 0.61.0 -digest: sha256:ee1e6fe8a46c3de762d1893931bd19505120addb3c932d94949c24631feae43c -generated: "2026-03-25T10:54:07.103177597Z" + version: 0.61.1 +digest: sha256:415888a956c523d73b2bccc3fb31598f860fce58d99a5d2cbce62aee5fc468a8 +generated: "2026-04-22T11:10:00.148151092Z" diff --git a/charts/hydra/Chart.yaml b/charts/hydra/Chart.yaml index 1f1ba7b5..733aa856 100644 --- a/charts/hydra/Chart.yaml +++ b/charts/hydra/Chart.yaml 
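Review bot: The comment on `tokenCacheSize` in the new `vault:` block gives no unit, so an operator cannot tell whether 262144 counts cached tokens or bytes. Once confirmed against the external-secrets controller, state it, e.g. `# -- Maximum number of entries in the Vault token cache. Only used if enableTokenCache is true.` The `enableTokenCache` comment could also say that a reused token stays in controller memory instead of being requested fresh each time, which matters to anyone relying on short-lived or revoked Vault tokens. That is inferred from the description text, not shown in the hunk. The `eso:` mapping starts and ends outside the hunk.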
@@ -2,7 +2,7 @@ apiVersion: v2 name: hydra description: A Helm chart for Kubernetes type: application -version: 0.1.1 +version: 0.1.2 appVersion: "v26.2.0" maintainers: - name: hamzatalbi @@ -10,6 +10,6 @@ maintainers: url: https://github.com/TalbiHamza dependencies: - name: hydra - version: 0.61.0 + version: 0.61.1 repository: "https://k8s.ory.sh/helm/charts" alias: hydra diff --git a/charts/hydra/README.md b/charts/hydra/README.md index be60148e..88d3fab5 100644 --- a/charts/hydra/README.md +++ b/charts/hydra/README.md @@ -1,6 +1,6 @@ # hydra -![Version: 0.1.1](https://img.shields.io/badge/Version-0.1.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v26.2.0](https://img.shields.io/badge/AppVersion-v26.2.0-informational?style=flat-square) +![Version: 0.1.2](https://img.shields.io/badge/Version-0.1.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v26.2.0](https://img.shields.io/badge/AppVersion-v26.2.0-informational?style=flat-square) ## Prerequisites @@ -11,7 +11,7 @@ | Repository | Name | Version | |------------|------|---------| -| https://k8s.ory.sh/helm/charts | hydra(hydra) | 0.61.0 | +| https://k8s.ory.sh/helm/charts | hydra(hydra) | 0.61.1 | ## Maintainers 
@@ -214,7 +214,7 @@ A Helm chart for Kubernetes | hydra.serviceMonitor.scrapeInterval | string | `"60s"` | Interval at which metrics should be scraped | | hydra.serviceMonitor.scrapeTimeout | string | `"30s"` | Timeout after which the scrape is ended | | hydra.serviceMonitor.tlsConfig | object | `{}` | TLS configuration to use when scraping the endpoint | -| hydra.test.busybox | object | `{"repository":"busybox","tag":"stable"}` | use a busybox image from another repository | +| hydra.test.busybox | object | `{"registry":"docker.io","repository":"busybox","tag":"stable"}` | use a busybox image from another repository | | hydra.test.labels | object | `{}` | Provide additional labels to the test pod | | hydra.watcher.automountServiceAccountToken | bool | `true` | | | hydra.watcher.enabled | bool | `false` | | @@ -259,7 +259,7 @@ spec: source: repoURL: "https://edixos.github.io/ekp-helm" - targetRevision: "0.1.1" + targetRevision: "0.1.2" chart: hydra path: '' helm: diff --git a/charts/hydra/charts/hydra-0.61.0.tgz b/charts/hydra/charts/hydra-0.61.0.tgz deleted file mode 100644 index 5b9ff07e..00000000 Binary files a/charts/hydra/charts/hydra-0.61.0.tgz and /dev/null differ diff --git a/charts/hydra/charts/hydra-0.61.1.tgz b/charts/hydra/charts/hydra-0.61.1.tgz new file mode 100644 index 00000000..6741da04 Binary files /dev/null and b/charts/hydra/charts/hydra-0.61.1.tgz differ diff --git a/charts/hydra/values.yaml b/charts/hydra/values.yaml index 1929657c..c3772d81 100644 --- a/charts/hydra/values.yaml +++ b/charts/hydra/values.yaml @@ -743,5 +743,6 @@ hydra: labels: {} # -- use a busybox image from another repository busybox: + registry: "docker.io" repository: busybox tag: stable diff --git a/charts/keto/Chart.lock b/charts/keto/Chart.lock index 9e87ce12..b0483de6 100644 --- a/charts/keto/Chart.lock +++ b/charts/keto/Chart.lock 
@@ -1,6 +1,6 @@ dependencies: - name: keto repository: https://k8s.ory.sh/helm/charts - version: 0.61.0 -digest: sha256:3efad8c19c285498edc3bae26d76035558e76739175defc242127a61714e90a4 -generated: "2026-03-25T10:53:02.99296256Z" + version: 0.61.1 +digest: sha256:8b55c36c9cf9bfa66e3e441783fdf5a5ee90446e1f2a293416af6ff782b15dd9 +generated: "2026-04-22T11:10:14.993632508Z" diff --git a/charts/keto/Chart.yaml b/charts/keto/Chart.yaml index 8919acbd..5c010ace 100644 --- a/charts/keto/Chart.yaml +++ b/charts/keto/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 name: keto description: A Helm chart for Kubernetes -version: 0.1.7 +version: 0.1.8 appVersion: "v26.2.0" maintainers: - name: hamzatalbi @@ -9,6 +9,6 @@ maintainers: url: https://github.com/TalbiHamza dependencies: - name: keto - version: 0.61.0 + version: 0.61.1 repository: "https://k8s.ory.sh/helm/charts" alias: keto diff --git a/charts/keto/README.md b/charts/keto/README.md index 7f3e80c9..c7b9629e 100644 --- a/charts/keto/README.md +++ b/charts/keto/README.md @@ -1,6 +1,6 @@ # keto -![Version: 0.1.7](https://img.shields.io/badge/Version-0.1.7-informational?style=flat-square) ![AppVersion: v26.2.0](https://img.shields.io/badge/AppVersion-v26.2.0-informational?style=flat-square) +![Version: 0.1.8](https://img.shields.io/badge/Version-0.1.8-informational?style=flat-square) ![AppVersion: v26.2.0](https://img.shields.io/badge/AppVersion-v26.2.0-informational?style=flat-square) ## Prerequisites @@ -11,7 +11,7 @@ | Repository | Name | Version | |------------|------|---------| -| https://k8s.ory.sh/helm/charts | keto(keto) | 0.61.0 | +| https://k8s.ory.sh/helm/charts | keto(keto) | 0.61.1 | ## Maintainers 
@@ -198,7 +198,7 @@ A Helm chart for Kubernetes | keto.serviceMonitor.scrapeInterval | string | `"60s"` | Interval at which metrics should be scraped | | keto.serviceMonitor.scrapeTimeout | string | `"30s"` | Timeout after which the scrape is ended | | keto.serviceMonitor.tlsConfig | object | `{}` | TLS configuration to use when scraping the endpoint | -| keto.test.busybox | object | `{"repository":"busybox","tag":"stable"}` | use a busybox image from another repository | +| keto.test.busybox | object | `{"registry":"docker.io","repository":"busybox","tag":"stable"}` | use a busybox image from another repository | | keto.test.labels | object | `{}` | Provide additional labels to the test pod | | keto.watcher.automountServiceAccountToken | bool | `true` | | | keto.watcher.enabled | bool | `false` | | @@ -243,7 +243,7 @@ spec: source: repoURL: "https://edixos.github.io/ekp-helm" - targetRevision: "0.1.7" + targetRevision: "0.1.8" chart: keto path: '' helm: diff --git a/charts/keto/charts/keto-0.61.0.tgz b/charts/keto/charts/keto-0.61.0.tgz deleted file mode 100644 index 01dbbf8f..00000000 Binary files a/charts/keto/charts/keto-0.61.0.tgz and /dev/null differ diff --git a/charts/keto/charts/keto-0.61.1.tgz b/charts/keto/charts/keto-0.61.1.tgz new file mode 100644 index 00000000..dc827994 Binary files /dev/null and b/charts/keto/charts/keto-0.61.1.tgz differ diff --git a/charts/keto/values.yaml b/charts/keto/values.yaml index c3bc6537..e09d953a 100644 --- a/charts/keto/values.yaml +++ b/charts/keto/values.yaml @@ -532,10 +532,9 @@ keto: labels: {} # -- use a busybox image from another repository busybox: + registry: "docker.io" repository: busybox tag: stable - - # -- Namespaces configuration namespacesConfig: "" # -- External secrets configuration. This is used to create ExternalSecret resources when using the helm chart with the external-secrets operator. diff --git a/charts/kratos/Chart.lock b/charts/kratos/Chart.lock index 6e22b4cc..ecbd54b2 100644 
--- a/charts/kratos/Chart.lock +++ b/charts/kratos/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: kratos repository: https://k8s.ory.sh/helm/charts - version: 0.61.0 -digest: sha256:9f0a231e8e18a1445c0b861927d6c52e57b972fa2a701eec91b51fe7ed9683a1 -generated: "2026-04-01T17:06:43.125483717Z" + version: 0.61.1 +digest: sha256:4c68bc162ce735a14af4fd0d877f4b08e48b807f0b2b6714b1e8363cd4335ede +generated: "2026-04-22T11:10:29.897164753Z" diff --git a/charts/kratos/Chart.yaml b/charts/kratos/Chart.yaml index 31faa025..2a8ae4c8 100644 --- a/charts/kratos/Chart.yaml +++ b/charts/kratos/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 name: kratos description: A Helm chart for Kubernetes -version: 0.1.6 +version: 0.1.7 appVersion: "v26.2.0" maintainers: - name: hamzatalbi @@ -9,6 +9,6 @@ maintainers: url: https://github.com/TalbiHamza dependencies: - name: kratos - version: 0.61.0 + version: 0.61.1 repository: "https://k8s.ory.sh/helm/charts" alias: kratos diff --git a/charts/kratos/README.md b/charts/kratos/README.md index 17165a7c..b551e518 100644 --- a/charts/kratos/README.md +++ b/charts/kratos/README.md @@ -1,6 +1,6 @@ # kratos -![Version: 0.1.6](https://img.shields.io/badge/Version-0.1.6-informational?style=flat-square) ![AppVersion: v26.2.0](https://img.shields.io/badge/AppVersion-v26.2.0-informational?style=flat-square) +![Version: 0.1.7](https://img.shields.io/badge/Version-0.1.7-informational?style=flat-square) ![AppVersion: v26.2.0](https://img.shields.io/badge/AppVersion-v26.2.0-informational?style=flat-square) ## Prerequisites @@ -11,7 +11,7 @@ | Repository | Name | Version | |------------|------|---------| -| https://k8s.ory.sh/helm/charts | kratos(kratos) | 0.61.0 | +| https://k8s.ory.sh/helm/charts | kratos(kratos) | 0.61.1 | ## Maintainers 
@@ -110,7 +110,6 @@ A Helm chart for Kubernetes | kratos.global.podMetadata | object | `{"annotations":{},"labels":{}}` | Specify pod metadata, this metadata is added directly to the pod, and not higher objects | | kratos.global.podMetadata.annotations | object | `{}` | Extra pod level annotations | | kratos.global.podMetadata.labels | object | `{}` | Extra pod level labels | -| kratos.httproutes | list | `[]` | Define custom HTTP routes to be added to the Kratos configuration. | | kratos.image.pullPolicy | string | `"IfNotPresent"` | | | kratos.image.registry | string | `"docker.io"` | ORY KRATOS image registry | | kratos.image.repository | string | `"oryd/kratos"` | ORY KRATOS image | @@ -257,7 +256,7 @@ A Helm chart for Kubernetes | kratos.strategy.rollingUpdate.maxSurge | string | `"25%"` | | | kratos.strategy.rollingUpdate.maxUnavailable | string | `"25%"` | | | kratos.strategy.type | string | `"RollingUpdate"` | | -| kratos.test.busybox | object | `{"repository":"busybox","tag":"stable"}` | use a busybox image from another repository | +| kratos.test.busybox | object | `{"registry":"docker.io","repository":"busybox","tag":"stable"}` | use a busybox image from another repository | | kratos.watcher.automountServiceAccountToken | bool | `true` | | | kratos.watcher.enabled | bool | `false` | | | kratos.watcher.image | string | `"oryd/k8s-toolbox:v0.0.10"` | | @@ -300,7 +299,7 @@ spec: source: repoURL: "https://edixos.github.io/ekp-helm" - targetRevision: "0.1.6" + targetRevision: "0.1.7" chart: kratos path: '' helm: diff --git a/charts/kratos/charts/kratos-0.61.0.tgz b/charts/kratos/charts/kratos-0.61.0.tgz deleted file mode 100644 index fb3d6b06..00000000 Binary files a/charts/kratos/charts/kratos-0.61.0.tgz and /dev/null differ diff --git a/charts/kratos/charts/kratos-0.61.1.tgz b/charts/kratos/charts/kratos-0.61.1.tgz new file mode 100644 index 00000000..88f55a3e Binary files /dev/null and b/charts/kratos/charts/kratos-0.61.1.tgz differ 
diff --git a/charts/kratos/values.yaml b/charts/kratos/values.yaml index 28c725a9..e1df338d 100644 --- a/charts/kratos/values.yaml +++ b/charts/kratos/values.yaml @@ -837,13 +837,9 @@ kratos: test: # -- use a busybox image from another repository busybox: + registry: "docker.io" repository: busybox tag: stable - - # -- Define custom HTTP routes to be added to the Kratos configuration. - httproutes: [] - - # -- External secrets configuration. This is used to create ExternalSecret resources when using the helm chart with the external-secrets operator. externalSecrets: [] # -- Databases configuration. This is used to create PostgreSQL Database resources for the application. diff --git a/charts/kube-prometheus-stack/Chart.lock b/charts/kube-prometheus-stack/Chart.lock index 4af3f0d1..f59fe110 100644 --- a/charts/kube-prometheus-stack/Chart.lock +++ b/charts/kube-prometheus-stack/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: kube-prometheus-stack repository: https://prometheus-community.github.io/helm-charts - version: 82.16.0 -digest: sha256:d06c8eb7bfd4dae9748ec67de213c8a303a0b09bf17ed2b83f6e0b13a928ac12 -generated: "2026-04-01T17:07:15.375563261Z" + version: 83.7.0 +digest: sha256:41a2ae79f82f167700d2e49d4d58e0ea2a607b77245a9e7ecd30ddbd7da7abf5 +generated: "2026-04-22T11:10:45.469321992Z" diff --git a/charts/kube-prometheus-stack/Chart.yaml b/charts/kube-prometheus-stack/Chart.yaml index d6f42434..e164a33c 100644 --- a/charts/kube-prometheus-stack/Chart.yaml +++ b/charts/kube-prometheus-stack/Chart.yaml 
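Review bot: This hunk deletes `httproutes: []` and its `# -- Define custom HTTP routes…` comment in the same change that adds `registry: "docker.io"`, and the only record of it in the commit is the row dropped from the README values table. The chart version moves only from 0.1.6 to 0.1.7. If a template in this chart still reads `.Values.kratos.httproutes`, overrides that set it will now sit on an undocumented key, and if nothing reads it any more they will be silently ignored. Neither case is visible from the hunk. If the key was a local addition lost while regenerating the file from upstream, restore `httproutes: []` with its comment. If the removal is intended, say so in the release notes. The `kratos:` mapping starts and ends outside the hunk.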
@@ -15,15 +15,15 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.13 +version: 0.1.14 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. # It is recommended to use it with quotes. -appVersion: "v0.89.0" +appVersion: "v0.90.1" dependencies: - name: kube-prometheus-stack - version: 82.16.0 + version: 83.7.0 repository: "https://prometheus-community.github.io/helm-charts" alias: kubePrometheusStack diff --git a/charts/kube-prometheus-stack/README.md b/charts/kube-prometheus-stack/README.md index 10221d8b..20f1e1d5 100644 --- a/charts/kube-prometheus-stack/README.md +++ b/charts/kube-prometheus-stack/README.md @@ -1,6 +1,6 @@ # kube-prometheus-stack -![Version: 0.1.13](https://img.shields.io/badge/Version-0.1.13-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.89.0](https://img.shields.io/badge/AppVersion-v0.89.0-informational?style=flat-square) +![Version: 0.1.14](https://img.shields.io/badge/Version-0.1.14-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.90.1](https://img.shields.io/badge/AppVersion-v0.90.1-informational?style=flat-square) ## Prerequisites 
@@ -11,7 +11,7 @@ | Repository | Name | Version | |------------|------|---------| -| https://prometheus-community.github.io/helm-charts | kubePrometheusStack(kube-prometheus-stack) | 82.16.0 | +| https://prometheus-community.github.io/helm-charts | kubePrometheusStack(kube-prometheus-stack) | 83.7.0 | ## Description @@ -50,7 +50,7 @@ A Helm chart for Kubernetes | kubePrometheusStack.alertmanager.alertmanagerSpec.image.registry | string | `"quay.io"` | | | kubePrometheusStack.alertmanager.alertmanagerSpec.image.repository | string | `"prometheus/alertmanager"` | | | kubePrometheusStack.alertmanager.alertmanagerSpec.image.sha | string | `""` | | -| kubePrometheusStack.alertmanager.alertmanagerSpec.image.tag | string | `"v0.31.1"` | | +| kubePrometheusStack.alertmanager.alertmanagerSpec.image.tag | string | `"v0.32.0"` | | | kubePrometheusStack.alertmanager.alertmanagerSpec.initContainers | list | `[]` | | | kubePrometheusStack.alertmanager.alertmanagerSpec.listenLocal | bool | `false` | | | kubePrometheusStack.alertmanager.alertmanagerSpec.logFormat | string | `"logfmt"` | | 
@@ -150,7 +150,7 @@ A Helm chart for Kubernetes | kubePrometheusStack.alertmanager.podDisruptionBudget.enabled | bool | `false` | | | kubePrometheusStack.alertmanager.podDisruptionBudget.minAvailable | int | `1` | | | kubePrometheusStack.alertmanager.podDisruptionBudget.unhealthyPodEvictionPolicy | string | `"AlwaysAllow"` | | -| kubePrometheusStack.alertmanager.route | object | `{"main":{"additionalRules":[],"annotations":{},"apiVersion":"gateway.networking.k8s.io/v1","enabled":false,"filters":[],"hostnames":[],"httpsRedirect":false,"kind":"HTTPRoute","labels":{},"matches":[{"path":{"type":"PathPrefix","value":"/"}}],"parentRefs":[]}}` | BETA: Configure the gateway routes for the chart here. More routes can be added by adding a dictionary key like the 'main' route. Be aware that this is an early beta of this feature, kube-prometheus-stack does not guarantee this works and is subject to change. Being BETA this can/will change in the future without notice, do not use unless you want to take that risk [[ref]](https://gateway-api.sigs.k8s.io/reference/spec/#gateway.networking.k8s.io%2fv1alpha2) | +| kubePrometheusStack.alertmanager.route | object | `{"main":{"additionalRules":[],"annotations":{},"apiVersion":"gateway.networking.k8s.io/v1","enabled":false,"filters":[],"hostnames":[],"httpsRedirect":false,"kind":"HTTPRoute","labels":{},"matches":[{"path":{"type":"PathPrefix","value":"/"}}],"parentRefs":[],"sessionPersistence":{}}}` | BETA: Configure the gateway routes for the chart here. More routes can be added by adding a dictionary key like the 'main' route. Be aware that this is an early beta of this feature, kube-prometheus-stack does not guarantee this works and is subject to change. 
Being BETA this can/will change in the future without notice, do not use unless you want to take that risk [[ref]](https://gateway-api.sigs.k8s.io/reference/spec/#gateway.networking.k8s.io%2fv1alpha2) | | kubePrometheusStack.alertmanager.route.main.apiVersion | string | `"gateway.networking.k8s.io/v1"` | Set the route apiVersion, e.g. gateway.networking.k8s.io/v1 or gateway.networking.k8s.io/v1alpha2 | | kubePrometheusStack.alertmanager.route.main.enabled | bool | `false` | Enables or disables the route | | kubePrometheusStack.alertmanager.route.main.httpsRedirect | bool | `false` | create http route for redirect (https://gateway-api.sigs.k8s.io/guides/http-redirect-rewrite/#http-to-https-redirects) # Take care that you only enable this on the http listener of the gateway to avoid an infinite redirect. # matches, filters and additionalRules will be ignored if this is set to true. Be are | @@ -240,6 +240,7 @@ A Helm chart for Kubernetes | kubePrometheusStack.crds.enabled | bool | `true` | | | kubePrometheusStack.crds.upgradeJob.affinity | object | `{}` | | | kubePrometheusStack.crds.upgradeJob.annotations | object | `{}` | | +| kubePrometheusStack.crds.upgradeJob.automountServiceAccountToken | bool | `true` | | | kubePrometheusStack.crds.upgradeJob.containerSecurityContext.allowPrivilegeEscalation | bool | `false` | | | kubePrometheusStack.crds.upgradeJob.containerSecurityContext.capabilities.drop[0] | string | `"ALL"` | | | kubePrometheusStack.crds.upgradeJob.containerSecurityContext.readOnlyRootFilesystem | bool | `true` | | 
@@ -820,7 +821,7 @@ A Helm chart for Kubernetes | kubePrometheusStack.prometheus.prometheusSpec.image.registry | string | `"quay.io"` | | | kubePrometheusStack.prometheus.prometheusSpec.image.repository | string | `"prometheus/prometheus"` | | | kubePrometheusStack.prometheus.prometheusSpec.image.sha | string | `""` | | -| kubePrometheusStack.prometheus.prometheusSpec.image.tag | string | `"v3.10.0"` | | +| kubePrometheusStack.prometheus.prometheusSpec.image.tag | string | `"v3.11.2"` | | | kubePrometheusStack.prometheus.prometheusSpec.initContainers | list | `[]` | | | kubePrometheusStack.prometheus.prometheusSpec.listenLocal | bool | `false` | | | kubePrometheusStack.prometheus.prometheusSpec.logFormat | string | `"logfmt"` | | 
@@ -901,7 +902,7 @@ A Helm chart for Kubernetes | kubePrometheusStack.prometheus.prometheusSpec.volumes | list | `[]` | | | kubePrometheusStack.prometheus.prometheusSpec.walCompression | bool | `true` | | | kubePrometheusStack.prometheus.prometheusSpec.web | object | `{}` | | -| kubePrometheusStack.prometheus.route | object | `{"main":{"additionalRules":[],"annotations":{},"apiVersion":"gateway.networking.k8s.io/v1","enabled":false,"filters":[],"hostnames":[],"httpsRedirect":false,"kind":"HTTPRoute","labels":{},"matches":[{"path":{"type":"PathPrefix","value":"/"}}],"parentRefs":[]}}` | BETA: Configure the gateway routes for the chart here. More routes can be added by adding a dictionary key like the 'main' route. Be aware that this is an early beta of this feature, kube-prometheus-stack does not guarantee this works and is subject to change. Being BETA this can/will change in the future without notice, do not use unless you want to take that risk [[ref]](https://gateway-api.sigs.k8s.io/reference/spec/#gateway.networking.k8s.io%2fv1alpha2) | +| kubePrometheusStack.prometheus.route | object | `{"main":{"additionalRules":[],"annotations":{},"apiVersion":"gateway.networking.k8s.io/v1","enabled":false,"filters":[],"hostnames":[],"httpsRedirect":false,"kind":"HTTPRoute","labels":{},"matches":[{"path":{"type":"PathPrefix","value":"/"}}],"parentRefs":[],"sessionPersistence":{}}}` | BETA: Configure the gateway routes for the chart here. More routes can be added by adding a dictionary key like the 'main' route. Be aware that this is an early beta of this feature, kube-prometheus-stack does not guarantee this works and is subject to change. Being BETA this can/will change in the future without notice, do not use unless you want to take that risk [[ref]](https://gateway-api.sigs.k8s.io/reference/spec/#gateway.networking.k8s.io%2fv1alpha2) | | kubePrometheusStack.prometheus.route.main.apiVersion | string | `"gateway.networking.k8s.io/v1"` | Set the route apiVersion, e.g. 
gateway.networking.k8s.io/v1 or gateway.networking.k8s.io/v1alpha2 | | kubePrometheusStack.prometheus.route.main.enabled | bool | `false` | Enables or disables the route | | kubePrometheusStack.prometheus.route.main.httpsRedirect | bool | `false` | create http route for redirect (https://gateway-api.sigs.k8s.io/guides/http-redirect-rewrite/#http-to-https-redirects) # Take care that you only enable this on the http listener of the gateway to avoid an infinite redirect. # matches, filters and additionalRules will be ignored if this is set to true. Be are | @@ -1101,7 +1102,7 @@ A Helm chart for Kubernetes | kubePrometheusStack.prometheusOperator.admissionWebhooks.patch.image.registry | string | `"ghcr.io"` | | | kubePrometheusStack.prometheusOperator.admissionWebhooks.patch.image.repository | string | `"jkroepke/kube-webhook-certgen"` | | | kubePrometheusStack.prometheusOperator.admissionWebhooks.patch.image.sha | string | `""` | | -| kubePrometheusStack.prometheusOperator.admissionWebhooks.patch.image.tag | string | `"1.8.0"` | | +| kubePrometheusStack.prometheusOperator.admissionWebhooks.patch.image.tag | string | `"1.8.1"` | | | kubePrometheusStack.prometheusOperator.admissionWebhooks.patch.nodeSelector | object | `{}` | | | kubePrometheusStack.prometheusOperator.admissionWebhooks.patch.podAnnotations | object | `{}` | | | kubePrometheusStack.prometheusOperator.admissionWebhooks.patch.priorityClassName | string | `""` | | 
@@ -1250,7 +1251,7 @@ A Helm chart for Kubernetes | kubePrometheusStack.thanosRuler.podDisruptionBudget.enabled | bool | `false` | | | kubePrometheusStack.thanosRuler.podDisruptionBudget.minAvailable | int | `1` | | | kubePrometheusStack.thanosRuler.podDisruptionBudget.unhealthyPodEvictionPolicy | string | `"AlwaysAllow"` | | -| kubePrometheusStack.thanosRuler.route | object | `{"main":{"additionalRules":[],"annotations":{},"apiVersion":"gateway.networking.k8s.io/v1","enabled":false,"filters":[],"hostnames":[],"httpsRedirect":false,"kind":"HTTPRoute","labels":{},"matches":[{"path":{"type":"PathPrefix","value":"/"}}],"parentRefs":[]}}` | BETA: Configure the gateway routes for the chart here. More routes can be added by adding a dictionary key like the 'main' route. Be aware that this is an early beta of this feature, kube-prometheus-stack does not guarantee this works and is subject to change. Being BETA this can/will change in the future without notice, do not use unless you want to take that risk [[ref]](https://gateway-api.sigs.k8s.io/reference/spec/#gateway.networking.k8s.io%2fv1alpha2) | +| kubePrometheusStack.thanosRuler.route | object | `{"main":{"additionalRules":[],"annotations":{},"apiVersion":"gateway.networking.k8s.io/v1","enabled":false,"filters":[],"hostnames":[],"httpsRedirect":false,"kind":"HTTPRoute","labels":{},"matches":[{"path":{"type":"PathPrefix","value":"/"}}],"parentRefs":[],"sessionPersistence":{}}}` | BETA: Configure the gateway routes for the chart here. More routes can be added by adding a dictionary key like the 'main' route. Be aware that this is an early beta of this feature, kube-prometheus-stack does not guarantee this works and is subject to change. 
Being BETA this can/will change in the future without notice, do not use unless you want to take that risk [[ref]](https://gateway-api.sigs.k8s.io/reference/spec/#gateway.networking.k8s.io%2fv1alpha2) | | kubePrometheusStack.thanosRuler.route.main.apiVersion | string | `"gateway.networking.k8s.io/v1"` | Set the route apiVersion, e.g. gateway.networking.k8s.io/v1 or gateway.networking.k8s.io/v1alpha2 | | kubePrometheusStack.thanosRuler.route.main.enabled | bool | `false` | Enables or disables the route | | kubePrometheusStack.thanosRuler.route.main.httpsRedirect | bool | `false` | create http route for redirect (https://gateway-api.sigs.k8s.io/guides/http-redirect-rewrite/#http-to-https-redirects) # Take care that you only enable this on the http listener of the gateway to avoid an infinite redirect. # matches, filters and additionalRules will be ignored if this is set to true. Be are | @@ -1372,7 +1373,7 @@ spec: source: repoURL: "https://edixos.github.io/ekp-helm" - targetRevision: "0.1.13" + targetRevision: "0.1.14" chart: kube-prometheus-stack path: '' helm: diff --git a/charts/kube-prometheus-stack/charts/kube-prometheus-stack-82.16.0.tgz b/charts/kube-prometheus-stack/charts/kube-prometheus-stack-82.16.0.tgz deleted file mode 100644 index f7674cee..00000000 Binary files a/charts/kube-prometheus-stack/charts/kube-prometheus-stack-82.16.0.tgz and /dev/null differ diff --git a/charts/kube-prometheus-stack/charts/kube-prometheus-stack-83.7.0.tgz b/charts/kube-prometheus-stack/charts/kube-prometheus-stack-83.7.0.tgz new file mode 100644 index 00000000..ea8a90a9 Binary files /dev/null and b/charts/kube-prometheus-stack/charts/kube-prometheus-stack-83.7.0.tgz differ diff --git a/charts/kube-prometheus-stack/values.yaml b/charts/kube-prometheus-stack/values.yaml index 6ba83c09..ff7751d3 100644 --- a/charts/kube-prometheus-stack/values.yaml +++ b/charts/kube-prometheus-stack/values.yaml 
@@ -134,6 +134,10 @@ kubePrometheusStack: labels: {} automountServiceAccountToken: true + ## Automounting API credentials for upgrade crd job pod. + ## + automountServiceAccountToken: true + ## Container-specific security context configuration ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ ## @@ -699,6 +703,14 @@ kubePrometheusStack: ## Filters define the filters that are applied to requests that match this rule. filters: [] + ## Session persistence configuration for the route rule. + sessionPersistence: {} + # sessionName: route + # type: Cookie + # absoluteTimeout: 12h + # cookieConfig: + # lifetimeType: Permanent + ## Additional custom rules that can be added to the route additionalRules: [] @@ -946,7 +958,7 @@ kubePrometheusStack: image: registry: quay.io repository: prometheus/alertmanager - tag: v0.31.1 + tag: v0.32.0 sha: "" pullPolicy: IfNotPresent @@ -1177,7 +1189,7 @@ kubePrometheusStack: containers: [] # containers: # - name: oauth-proxy - # image: quay.io/oauth2-proxy/oauth2-proxy:v7.15.1 + # image: quay.io/oauth2-proxy/oauth2-proxy:v7.15.2 # args: # - --upstream=http://127.0.0.1:9093 # - --http-address=0.0.0.0:8081 @@ -1275,7 +1287,7 @@ kubePrometheusStack: # foo:$apr1$OFG3Xybp$ckL0FHDAkoXYIlH9.cysT0 # someoneelse:$apr1$DMZX2Z4q$6SbQIfyuLQd.xmo/P0m2c. - ## Using default values from https://github.com/grafana/helm-charts/blob/main/charts/grafana/values.yaml + ## Using default values from https://github.com/grafana-community/helm-charts/blob/main/charts/grafana/values.yaml ## grafana: enabled: true @@ -2989,7 +3001,7 @@ kubePrometheusStack: image: registry: ghcr.io repository: jkroepke/kube-webhook-certgen - tag: 1.8.0 + tag: 1.8.1 sha: "" pullPolicy: IfNotPresent resources: {} 
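Review bot: The new `automountServiceAccountToken: true` default for the CRD upgrade job is documented only as "Automounting API credentials for upgrade crd job pod", and the README row for `kubePrometheusStack.crds.upgradeJob.automountServiceAccountToken` has an empty description. Because this mounts API credentials into the job pod, the comment should state the consequence of changing it, e.g. `## Whether to mount the service account token into the CRD upgrade job pod. Set to false only if the job gets API credentials another way.` (the job presumably has to reach the API server to update CRDs). The same key also appears as a context line directly above, and indentation cannot be recovered from this view, so confirm that the added key nests under `upgradeJob` rather than duplicating its neighbour at the same level. The enclosing mapping starts and ends outside the hunk.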
@@ -3892,6 +3904,14 @@ kubePrometheusStack: ## Filters define the filters that are applied to requests that match this rule. filters: [] + ## Session persistence configuration for the route rule. + sessionPersistence: {} + # sessionName: route + # type: Cookie + # absoluteTimeout: 12h + # cookieConfig: + # lifetimeType: Permanent + ## Additional custom rules that can be added to the route additionalRules: [] @@ -4136,7 +4156,7 @@ kubePrometheusStack: image: registry: quay.io repository: prometheus/prometheus - tag: v3.10.0 + tag: v3.11.2 sha: "" pullPolicy: IfNotPresent @@ -4656,7 +4676,7 @@ kubePrometheusStack: containers: [] # containers: # - name: oauth-proxy - # image: quay.io/oauth2-proxy/oauth2-proxy:v7.15.1 + # image: quay.io/oauth2-proxy/oauth2-proxy:v7.15.2 # args: # - --upstream=http://127.0.0.1:9090 # - --http-address=0.0.0.0:8081 @@ -5128,6 +5148,14 @@ kubePrometheusStack: ## Filters define the filters that are applied to requests that match this rule. filters: [] + ## Session persistence configuration for the route rule. + sessionPersistence: {} + # sessionName: route + # type: Cookie + # absoluteTimeout: 12h + # cookieConfig: + # lifetimeType: Permanent + ## Additional custom rules that can be added to the route additionalRules: [] diff --git a/charts/oathkeeper/Chart.lock b/charts/oathkeeper/Chart.lock index a5ff3895..e452ac32 100644 --- a/charts/oathkeeper/Chart.lock +++ b/charts/oathkeeper/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: oathkeeper repository: https://k8s.ory.sh/helm/charts - version: 0.61.0 -digest: sha256:067b46371c6213ca85f9d98a9ef8a438fdb1e51181edd8440193c94ba0da0cc8 -generated: "2026-03-25T10:51:55.233394917Z" + version: 0.61.1 +digest: sha256:a40d94f17e218b239ea6d2c96d01b29d3fb1cfbfd92c6711a0310107752f6fdc +generated: "2026-04-22T11:10:59.659455079Z" diff --git a/charts/oathkeeper/Chart.yaml b/charts/oathkeeper/Chart.yaml index eb95fa9e..8b5fdaf2 100644 --- a/charts/oathkeeper/Chart.yaml +++ b/charts/oathkeeper/Chart.yaml 
@@ -2,7 +2,7 @@ apiVersion: v2 name: oathkeeper description: A Helm chart for Kubernetes type: application -version: 0.1.2 +version: 0.1.3 appVersion: "v26.2.0" maintainers: - name: hamzatalbi @@ -10,6 +10,6 @@ maintainers: url: https://github.com/TalbiHamza dependencies: - name: oathkeeper - version: 0.61.0 + version: 0.61.1 repository: "https://k8s.ory.sh/helm/charts" alias: oathkeeper diff --git a/charts/oathkeeper/README.md b/charts/oathkeeper/README.md index 78e0f298..02da6e2e 100644 --- a/charts/oathkeeper/README.md +++ b/charts/oathkeeper/README.md @@ -1,6 +1,6 @@ # oathkeeper -![Version: 0.1.2](https://img.shields.io/badge/Version-0.1.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v26.2.0](https://img.shields.io/badge/AppVersion-v26.2.0-informational?style=flat-square) +![Version: 0.1.3](https://img.shields.io/badge/Version-0.1.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v26.2.0](https://img.shields.io/badge/AppVersion-v26.2.0-informational?style=flat-square) ## Prerequisites @@ -11,7 +11,7 @@ | Repository | Name | Version | |------------|------|---------| -| https://k8s.ory.sh/helm/charts | oathkeeper(oathkeeper) | 0.61.0 | +| https://k8s.ory.sh/helm/charts | oathkeeper(oathkeeper) | 0.61.1 | ## Maintainers 
@@ -69,7 +69,6 @@ A Helm chart for Kubernetes | oathkeeper.global.podMetadata | object | `{"annotations":{},"labels":{}}` | Specify pod metadata, this metadata is added directly to the pod, and not higher objects | | oathkeeper.global.podMetadata.annotations | object | `{}` | Extra pod level annotations | | oathkeeper.global.podMetadata.labels | object | `{}` | Extra pod level labels | -| oathkeeper.httproutes | list | `[]` | | | oathkeeper.image.initContainer | object | `{"repository":"busybox","tag":"stable"}` | use a busybox image from another repository | | oathkeeper.image.pullPolicy | string | `"IfNotPresent"` | Image pull policy | | oathkeeper.image.registry | string | `"docker.io"` | ORY Oathkeeper image registry | @@ -166,7 +165,7 @@ A Helm chart for Kubernetes | oathkeeper.sidecar.envs | object | `{}` | | | oathkeeper.sidecar.image.repository | string | `"oryd/oathkeeper-maester"` | | | oathkeeper.sidecar.image.tag | string | `"v0.1.13"` | | -| oathkeeper.test.busybox | object | `{"repository":"busybox","tag":"stable"}` | use a busybox image from another repository | +| oathkeeper.test.busybox | object | `{"registry":"docker.io","repository":"busybox","tag":"stable"}` | use a busybox image from another repository | | oathkeeper.test.labels | object | `{}` | Provide additional labels to the test pod | | prometheus.enabled | bool | `false` | Enables Prometheus Operator monitoring | | prometheus.grafanaDashboard.enabled | bool | `false` | Add grafana dashboard as a configmap | @@ -199,7 +198,7 @@ spec: source: repoURL: "https://edixos.github.io/ekp-helm" - targetRevision: "0.1.2" + targetRevision: "0.1.3" chart: oathkeeper path: '' helm: diff --git a/charts/oathkeeper/charts/oathkeeper-0.61.0.tgz b/charts/oathkeeper/charts/oathkeeper-0.61.0.tgz deleted file mode 100644 index 82ecae35..00000000 Binary files a/charts/oathkeeper/charts/oathkeeper-0.61.0.tgz and /dev/null differ 
diff --git a/charts/oathkeeper/charts/oathkeeper-0.61.1.tgz b/charts/oathkeeper/charts/oathkeeper-0.61.1.tgz new file mode 100644 index 00000000..ce4510fd Binary files /dev/null and b/charts/oathkeeper/charts/oathkeeper-0.61.1.tgz differ diff --git a/charts/oathkeeper/values.yaml b/charts/oathkeeper/values.yaml index 8952edca..bb4e8edb 100644 --- a/charts/oathkeeper/values.yaml +++ b/charts/oathkeeper/values.yaml @@ -475,7 +475,6 @@ oathkeeper: labels: {} # -- use a busybox image from another repository busybox: + registry: "docker.io" repository: busybox tag: stable - - httproutes: [] diff --git a/charts/prometheus/Chart.lock b/charts/prometheus/Chart.lock index 149d35cb..6989bf1d 100644 --- a/charts/prometheus/Chart.lock +++ b/charts/prometheus/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: oauth2-proxy repository: https://oauth2-proxy.github.io/manifests - version: 10.4.2 -digest: sha256:5893853b0d9c71c94264bf3515f076e955cc3ae7e1f952296c77af3b92de25c3 -generated: "2026-04-01T17:07:28.930885809Z" + version: 10.4.3 +digest: sha256:7db17c7d333edef7e20d1a3220b1746850d7833329eec9fd44eaef0882a42477 +generated: "2026-04-22T11:11:14.018076732Z" diff --git a/charts/prometheus/Chart.yaml b/charts/prometheus/Chart.yaml index 3922022d..461e3ef0 100644 --- a/charts/prometheus/Chart.yaml +++ b/charts/prometheus/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 description: Deploys Prometheus through prometheus operator name: prometheus -version: 0.1.6 +version: 0.1.7 appVersion: "v3.0.1" maintainers: - name: ilyasabdellaoui @@ -9,7 +9,7 @@ maintainers: url: https://github.com/ilyasabdellaoui dependencies: - name: oauth2-proxy - version: 10.4.2 + version: 10.4.3 repository: https://oauth2-proxy.github.io/manifests alias: oidc condition: oidc.enabled diff --git a/charts/prometheus/README.md b/charts/prometheus/README.md index 678696b0..658691cb 100644 --- a/charts/prometheus/README.md +++ b/charts/prometheus/README.md 
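Review bot: Dropping `httproutes: []` in the charts/oathkeeper/values.yaml hunk removes a key the README listed as `oathkeeper.httproutes`, while the chart only moves from 0.1.2 to 0.1.3. Helm accepts unknown values unless a schema rejects them, so an existing override of this key would presumably be taken silently and yield no routes after the upgrade. Whether any template still reads the key is not visible here. If the removal is intended, say so where users will see it, for instance a README or changelog line such as `oathkeeper.httproutes is no longer supported as of 0.1.3`. The charts/kratos/values.yaml hunk earlier removes the same key.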
@@ -1,6 +1,6 @@ # prometheus -![Version: 0.1.6](https://img.shields.io/badge/Version-0.1.6-informational?style=flat-square) ![AppVersion: v3.0.1](https://img.shields.io/badge/AppVersion-v3.0.1-informational?style=flat-square) +![Version: 0.1.7](https://img.shields.io/badge/Version-0.1.7-informational?style=flat-square) ![AppVersion: v3.0.1](https://img.shields.io/badge/AppVersion-v3.0.1-informational?style=flat-square) ---- @@ -17,7 +17,7 @@ | Repository | Name | Version | |------------|------|---------| -| https://oauth2-proxy.github.io/manifests | oidc(oauth2-proxy) | 10.4.2 | +| https://oauth2-proxy.github.io/manifests | oidc(oauth2-proxy) | 10.4.3 | ## Maintainers @@ -329,7 +329,7 @@ spec: source: repoURL: "https://edixos.github.io/ekp-helm" - targetRevision: "0.1.6" + targetRevision: "0.1.7" chart: prometheus path: '' diff --git a/charts/prometheus/charts/oauth2-proxy-10.4.2.tgz b/charts/prometheus/charts/oauth2-proxy-10.4.2.tgz deleted file mode 100644 index 5b2c1b17..00000000 Binary files a/charts/prometheus/charts/oauth2-proxy-10.4.2.tgz and /dev/null differ diff --git a/charts/prometheus/charts/oauth2-proxy-10.4.3.tgz b/charts/prometheus/charts/oauth2-proxy-10.4.3.tgz new file mode 100644 index 00000000..a7d6a2ac Binary files /dev/null and b/charts/prometheus/charts/oauth2-proxy-10.4.3.tgz differ