diff --git a/bitnami/kubeapps/Chart.lock b/bitnami/kubeapps/Chart.lock index 15a7649694..e9461770a0 100644 --- a/bitnami/kubeapps/Chart.lock +++ b/bitnami/kubeapps/Chart.lock @@ -1,12 +1,12 @@ dependencies: - name: common repository: https://charts.bitnami.com/bitnami - version: 1.8.0 + version: 1.9.0 - name: postgresql repository: https://charts.bitnami.com/bitnami - version: 10.9.4 + version: 10.10.1 - name: redis repository: https://charts.bitnami.com/bitnami - version: 15.3.0 -digest: sha256:aeaec0be82187933fa9771b63d3c8bb6b82f33e0cbac6d548cfe182efda852f5 -generated: "2021-09-02T00:14:17.499728161Z" + version: 15.3.2 +digest: sha256:5d13ba8016e00a50bf270d0724e091197f3bea7941c55bdfd5ed834f7c8a4059 +generated: "2021-09-16T15:55:07.549983274+02:00" diff --git a/bitnami/kubeapps/Chart.yaml b/bitnami/kubeapps/Chart.yaml index a3ad196b58..7d07ef66fd 100644 --- a/bitnami/kubeapps/Chart.yaml +++ b/bitnami/kubeapps/Chart.yaml @@ -33,4 +33,4 @@ maintainers: name: kubeapps sources: - https://github.com/kubeapps/kubeapps -version: 7.5.0 +version: 7.5.1 diff --git a/bitnami/kubeapps/README.md b/bitnami/kubeapps/README.md index 93035c6b34..3be25ee57a 100644 --- a/bitnami/kubeapps/README.md +++ b/bitnami/kubeapps/README.md @@ -80,23 +80,21 @@ Once you have installed Kubeapps follow the [Getting Started Guide](https://gith ### Traffic Exposure Parameters -| Name | Description | Value | -| --------------------- | ----------------------------------------------------------------------------------------------------- | ------------------------ | -| `ingress.enabled` | Enable ingress record generation for Kubeapps | `false` | -| `ingress.apiVersion` | Force Ingress API version (automatically detected if not set) | `""` | -| `ingress.hostname` | Default host for the ingress record | `kubeapps.local` | -| `ingress.path` | Default path for the ingress record | `/` | -| `ingress.pathType` | Ingress path type | `ImplementationSpecific` | -| `ingress.annotations` | Additional custom annotations for the ingress record | `{}` | -| `ingress.tls` | Enable TLS configuration for the host defined at `ingress.hostname` parameter | `false` | -| `ingress.certManager.clusterIssuer` | Cert-manager integration: specify the ClusterIssuer to use | `""` | -| `ingress.certManager.httpIngressClass` | Cert-manager integration: specify the IngressClass to use to solve the challenges | `""` | -| `ingress.certManager.commonName` | Cert-manager integration: specify the common name | `""` | -| `ingress.selfSigned` | Create a TLS secret for this ingress record using self-signed certificates generated by Helm | `false` | -| `ingress.extraHosts` | An array with additional hostname(s) to be covered with the ingress record | `[]` | -| `ingress.extraPaths` | An array with additional arbitrary paths that may need to be added to the ingress under the main host | `[]` | -| `ingress.extraTls` | TLS configuration for additional hostname(s) to be covered with this ingress record | `[]` | -| `ingress.secrets` | Custom TLS certificates as secrets | `[]` | +| Name | Description | Value | +| --------------------- | ----------------------------------------------------------------------------------------------------- | ------------------------ | +| `ingress.enabled` | Enable ingress record generation for Kubeapps | `false` | +| `ingress.apiVersion` | Force Ingress API version (automatically detected if not set) | `""` | +| `ingress.hostname` | Default host for the ingress record | `kubeapps.local` | +| `ingress.path` | Default path for the ingress record | `/` | +| `ingress.pathType` | Ingress path type | `ImplementationSpecific` | +| `ingress.annotations` | Additional custom annotations for the ingress record | `{}` | +| `ingress.tls` | Enable TLS configuration for the host defined at `ingress.hostname` parameter | `false` | +| `ingress.certManager` | Set up the cert-manager integration | `{}` | +| `ingress.selfSigned` | Create a TLS secret for this ingress record using self-signed certificates generated by Helm | `false` | +| `ingress.extraHosts` | An array with additional hostname(s) to be covered with the ingress record | `[]` | +| `ingress.extraPaths` | An array with additional arbitrary paths that may need to be added to the ingress under the main host | `[]` | +| `ingress.extraTls` | TLS configuration for additional hostname(s) to be covered with this ingress record | `[]` | +| `ingress.secrets` | Custom TLS certificates as secrets | `[]` | ### Frontend parameters @@ -173,7 +171,7 @@ Once you have installed Kubeapps follow the [Getting Started Guide](https://gith | ------------------------------------------------- | ------------------------------------------------------------------------------------------ | ---------------------------- | | `dashboard.image.registry` | Dashboard image registry | `docker.io` | | `dashboard.image.repository` | Dashboard image repository | `bitnami/kubeapps-dashboard` | -| `dashboard.image.tag` | Dashboard image tag (immutable tags are recommended) | `2.4.0-debian-10-r0` | +| `dashboard.image.tag` | Dashboard image tag (immutable tags are recommended) | `2.4.0-debian-10-r13` | | `dashboard.image.pullPolicy` | Dashboard image pull policy | `IfNotPresent` | | `dashboard.image.pullSecrets` | Dashboard image pull secrets | `[]` | | `dashboard.image.debug` | Enable image debug mode | `false` | @@ -426,7 +424,7 @@ Once you have installed Kubeapps follow the [Getting Started Guide](https://gith | `pinnipedProxy.enabled` | Specifies whether Kubeapps should configure Pinniped Proxy | `false` | | `pinnipedProxy.image.registry` | Pinniped Proxy image registry | `docker.io` | | `pinnipedProxy.image.repository` | Pinniped Proxy image repository | `bitnami/kubeapps-pinniped-proxy` | -| `pinnipedProxy.image.tag` | Pinniped Proxy image tag (immutable tags are recommended) | `2.4.0-debian-10-r1` | +| `pinnipedProxy.image.tag` | Pinniped Proxy image tag (immutable tags are recommended) | `2.4.0-debian-10-r15` | | `pinnipedProxy.image.pullPolicy` | Pinniped Proxy image pull policy | `IfNotPresent` | | `pinnipedProxy.image.pullSecrets` | Pinniped Proxy image pull secrets | `[]` | | `pinnipedProxy.defaultPinnipedNamespace` | Specify the (default) namespace in which pinniped concierge is installed | `pinniped-concierge` | @@ -482,7 +480,7 @@ Once you have installed Kubeapps follow the [Getting Started Guide](https://gith | `kubeappsapis.enabledPlugins` | Enabled plugins for the Kubeapps-APIs service | `[]` | | `kubeappsapis.image.registry` | Kubeapps-APIs image registry | `docker.io` | | `kubeappsapis.image.repository` | Kubeapps-APIs image repository | `bitnami/kubeapps-apis` | -| `kubeappsapis.image.tag` | Kubeapps-APIs image tag (immutable tags are recommended) | `2.4.0-debian-10-r1` | +| `kubeappsapis.image.tag` | Kubeapps-APIs image tag (immutable tags are recommended) | `2.4.0-debian-10-r15` | | `kubeappsapis.image.pullPolicy` | Kubeapps-APIs image pull policy | `IfNotPresent` | | `kubeappsapis.image.pullSecrets` | Kubeapps-APIs image pull secrets | `[]` | | `kubeappsapis.replicaCount` | Number of frontend replicas to deploy | `1` | @@ -626,7 +624,7 @@ In the first two cases, it's needed a certificate and a key. We would expect the ``` - If you are going to use Helm to manage the certificates based on the parameters, please copy these values into the `certificate` and `key` values for a given `ingress.secrets` entry. -- In case you are going to manage TLS secrets separately, please know that you must use a TLS secret with name *INGRESS_HOSTNAME-tls* (where *INGRESS_HOSTNAME* is a placeholder to be replaced with the hostname you set using the `ingress.hostname` parameter). +- In case you are going to manage TLS secrets separately, please know that you must use a TLS secret with name _INGRESS_HOSTNAME-tls_ (where _INGRESS_HOSTNAME_ is a placeholder to be replaced with the hostname you set using the `ingress.hostname` parameter). - To use self-signed certificates created by Helm, set both `ingress.tls` and `ingress.selfSigned` to `true`. - If your cluster has a [cert-manager](https://github.com/jetstack/cert-manager) add-on to automate the management and issuance of TLS certificates, set `ingress.certManager` boolean to true to enable the corresponding annotations for cert-manager. @@ -704,23 +702,24 @@ Have a look at the [dashboard documentation](https://github.com/kubeapps/kubeapp The example below will match the URL `http://example.com` to the Kubeapps dashboard. For further configuration, please refer to your specific Ingress configuration docs (e.g., [NGINX](https://github.com/kubernetes/ingress-nginx) or [HAProxy](https://github.com/haproxytech/kubernetes-ingress)). ```bash -helm install kubeapps --namespace kubeapps \ +helm install kubeapps bitnami/kubeapps \ + --namespace kubeapps \ --set ingress.enabled=true \ --set ingress.hostname=example.com \ - bitnami/kubeapps + --set ingress.annotations."kubernetes\.io/ingress\.class"=nginx # or your preferred ingress controller ``` #### Serving Kubeapps in a subpath -You may want to serve Kubeapps with a subpath, for instance `http://example.com/subpath`, you have to set the proper Ingress configuration. If you are using the ingress configuration provided by the Kubeapps chart, you will have to set the `ingress.extraHosts` parameter: +You may want to serve Kubeapps with a subpath, for instance `http://example.com/subpath`, you have to set the proper Ingress configuration. If you are using the ingress configuration provided by the Kubeapps chart, you will have to set the `ingress.hostname` and `path` parameters: ```bash -helm install kubeapps --namespace kubeapps \ - --set ingress.enabled=true - --set ingress.hostname="" - --set ingress.extraHosts[0].name="console.example.com" - --set ingress.extraHosts[0].path="/catalog" - bitnami/kubeapps +helm install kubeapps bitnami/kubeapps \ + --namespace kubeapps \ + --set ingress.enabled=true \ + --set ingress.hostname=example.com \ + --set ingress.path=/subpath \ + --set ingress.annotations."kubernetes\.io/ingress\.class"=nginx # or your preferred ingress controller ``` Besides, if you are using the OAuth2/OIDC login (more information at the [using an OIDC provider documentation](https://github.com/kubeapps/kubeapps/blob/master/docs/user/using-an-OIDC-provider.md)), you will need, also, to configure the different URLs: @@ -728,7 +727,7 @@ Besides, if you are using the OAuth2/OIDC login (more information at the [using ```bash helm install kubeapps bitnami/kubeapps \ --namespace kubeapps \ - # ... other OIDC flags + # ... other OIDC and ingress flags --set authProxy.oauthLoginURI="/subpath/oauth2/login" \ --set authProxy.oauthLogoutURI="/subpath/oauth2/logout" \ --set authProxy.additionalFlags="{,--proxy-prefix=/subpath/oauth2}" @@ -924,9 +923,9 @@ $ helm upgrade kubeapps bitnami/kubeapps -n kubeapps --set postgresql.postgresql **What changes were introduced in this major version?** - Previous versions of this Helm Chart use `apiVersion: v1` (installable by both Helm 2 and 3), this Helm Chart was updated to `apiVersion: v2` (installable by Helm 3 only). [Here](https://helm.sh/docs/topics/charts/#the-apiversion-field) you can find more information about the `apiVersion` field. -- Move dependency information from the *requirements.yaml* to the *Chart.yaml* -- After running `helm dependency update`, a *Chart.lock* file is generated containing the same structure used in the previous *requirements.lock* -- The different fields present in the *Chart.yaml* file has been ordered alphabetically in a homogeneous way for all the Bitnami Helm Charts +- Move dependency information from the _requirements.yaml_ to the _Chart.yaml_ +- After running `helm dependency update`, a _Chart.lock_ file is generated containing the same structure used in the previous _requirements.lock_ +- The different fields present in the _Chart.yaml_ file has been ordered alphabetically in a homogeneous way for all the Bitnami Helm Charts - In the case of PostgreSQL subchart, apart from the same changes that are described in this section, there are also other major changes due to the master/slave nomenclature was replaced by primary/readReplica. [Here](https://github.com/bitnami/charts/pull/4385) you can find more information about the changes introduced. **Considerations when upgrading to this version** diff --git a/bitnami/kubeapps/crds/apprepository-crd.yaml b/bitnami/kubeapps/crds/apprepository-crd.yaml index 4320224727..02862a54be 100644 --- a/bitnami/kubeapps/crds/apprepository-crd.yaml +++ b/bitnami/kubeapps/crds/apprepository-crd.yaml @@ -28,7 +28,7 @@ spec: properties: type: type: string - enum: [ "helm", "oci" ] + enum: ["helm", "oci"] url: type: string description: diff --git a/bitnami/kubeapps/templates/_helpers.tpl b/bitnami/kubeapps/templates/_helpers.tpl index e40ec60773..34dd4bfc88 100644 --- a/bitnami/kubeapps/templates/_helpers.tpl +++ b/bitnami/kubeapps/templates/_helpers.tpl @@ -4,7 +4,7 @@ Return the proper Docker Image Registry Secret Names */}} {{- define "kubeapps.imagePullSecrets" -}} -{{ include "common.images.pullSecrets" (dict "images" (list .Values.frontend.image .Values.dashboard.image .Values.apprepository.image .Values.apprepository.syncImage .Values.assetsvc.image .Values.kubeops.image .Values.authProxy.image .Values.pinnipedProxy.image .Values.testImage) "global" .Values.global) }} +{{ include "common.images.pullSecrets" (dict "images" (list .Values.frontend.image .Values.dashboard.image .Values.apprepository.image .Values.apprepository.syncImage .Values.assetsvc.image .Values.kubeops.image .Values.authProxy.image .Values.pinnipedProxy.image .Values.kubeappsapis.image .Values.testImage) "global" .Values.global) }} {{- end -}} {{/* @@ -227,4 +227,5 @@ Check if there are rolling tags in the images {{- include "common.warnings.rollingTag" .Values.kubeops.image }} {{- include "common.warnings.rollingTag" .Values.authProxy.image }} {{- include "common.warnings.rollingTag" .Values.pinnipedProxy.image }} +{{- include "common.warnings.rollingTag" .Values.kubeappsapis.image }} {{- end -}} diff --git a/bitnami/kubeapps/templates/apprepository/apprepositories-secret.yaml b/bitnami/kubeapps/templates/apprepository/apprepositories-secret.yaml index bbd35d88f1..b902ded118 100644 --- a/bitnami/kubeapps/templates/apprepository/apprepositories-secret.yaml +++ b/bitnami/kubeapps/templates/apprepository/apprepositories-secret.yaml @@ -1,5 +1,5 @@ {{- range .Values.apprepository.initialRepos }} -{{- if or .caCert .authorizationHeader }} +{{- if or .caCert .authorizationHeader .basicAuth }} apiVersion: v1 kind: Secret metadata: @@ -21,9 +21,15 @@ data: ca.crt: |- {{ .caCert | b64enc }} {{- end }} + {{- $authorizationHeader := "" }} {{- if .authorizationHeader }} + {{- $authorizationHeader = .authorizationHeader }} + {{- else if .basicAuth }} + {{- $authorizationHeader = printf "Basic %s" (printf "%s:%s" .basicAuth.user .basicAuth.password | b64enc) }} + {{- end }} + {{- if $authorizationHeader }} authorizationHeader: |- - {{ .authorizationHeader | b64enc }} + {{ $authorizationHeader | b64enc }} {{- end }} --- {{/* credentials are required in the release namespace for syncer jobs */}} @@ -45,9 +51,9 @@ data: ca.crt: |- {{ .caCert | b64enc }} {{- end }} - {{- if .authorizationHeader }} + {{- if $authorizationHeader }} authorizationHeader: |- - {{ .authorizationHeader | b64enc }} + {{ $authorizationHeader | b64enc }} {{- end }} --- {{- end }} diff --git a/bitnami/kubeapps/templates/apprepository/apprepositories.yaml b/bitnami/kubeapps/templates/apprepository/apprepositories.yaml index ba8283f179..b603da5b4a 100644 --- a/bitnami/kubeapps/templates/apprepository/apprepositories.yaml +++ b/bitnami/kubeapps/templates/apprepository/apprepositories.yaml @@ -45,7 +45,7 @@ spec: nodeSelector: {{- toYaml .nodeSelector | nindent 8 }} {{- end }} {{- end }} - {{- if or .caCert .authorizationHeader }} + {{- if or .caCert .authorizationHeader .basicAuth }} auth: {{- if .caCert }} customCA: @@ -53,7 +53,7 @@ spec: key: ca.crt name: {{ printf "apprepo-%s-secrets" .name }} {{- end }} - {{- if .authorizationHeader }} + {{- if or .authorizationHeader .basicAuth }} header: secretKeyRef: key: authorizationHeader diff --git a/bitnami/kubeapps/templates/apprepository/deployment.yaml b/bitnami/kubeapps/templates/apprepository/deployment.yaml index dd1aeac93f..f52243894d 100644 --- a/bitnami/kubeapps/templates/apprepository/deployment.yaml +++ b/bitnami/kubeapps/templates/apprepository/deployment.yaml @@ -66,7 +66,7 @@ spec: - /apprepository-controller args: - --user-agent-comment=kubeapps/{{ .Chart.AppVersion }} - - --repo-sync-image={{ include "common.images.image" (dict "imageRoot" .Values.apprepository.syncImage "global" .Values.global) }} + - --repo-sync-image=$(REPO_SYNC_IMAGE) {{- if .Values.global }} {{- if.Values.global.imagePullSecrets }} {{- range $key, $value := .Values.global.imagePullSecrets }} @@ -89,6 +89,9 @@ spec: - --crontab={{ .Values.apprepository.crontab }} {{- end }} - --repos-per-namespace={{ .Values.apprepository.watchAllNamespaces }} + env: + - name: REPO_SYNC_IMAGE + value: {{ include "common.images.image" (dict "imageRoot" .Values.apprepository.syncImage "global" .Values.global) }} {{- if .Values.apprepository.resources }} resources: {{- toYaml .Values.apprepository.resources | nindent 12 }} {{- end }} diff --git a/bitnami/kubeapps/templates/ingress.yaml b/bitnami/kubeapps/templates/ingress.yaml index eb129415d6..6cefcced6d 100644 --- a/bitnami/kubeapps/templates/ingress.yaml +++ b/bitnami/kubeapps/templates/ingress.yaml @@ -34,20 +34,20 @@ spec: {{- toYaml .Values.ingress.extraPaths | nindent 10 }} {{- end }} - path: {{ .Values.ingress.path }} - {{- if eq "true" (include "common.ingress.supportsPathType" .) }} - pathType: {{ .Values.ingress.pathType }} + {{- if eq "true" (include "common.ingress.supportsPathType" $) }} + pathType: {{ $.Values.ingress.pathType }} {{- end }} - backend: {{- include "common.ingress.backend" (dict "serviceName" (include "common.names.fullname" .) "servicePort" "http" "context" $) | nindent 14 }} + backend: {{- include "common.ingress.backend" (dict "serviceName" (include "common.names.fullname" $) "servicePort" "http" "context" $) | nindent 14 }} {{- end }} {{- range .Values.ingress.extraHosts }} - host: {{ .name }} http: paths: - path: {{ default "/" .path }} - {{- if eq "true" (include "common.ingress.supportsPathType" .) }} - pathType: {{ .Values.ingress.pathType }} + {{- if eq "true" (include "common.ingress.supportsPathType" $) }} + pathType: {{ $.Values.ingress.pathType }} {{- end }} - backend: {{- include "common.ingress.backend" (dict "serviceName" (include "common.names.fullname" .) "servicePort" "http" "context" $) | nindent 14 }} + backend: {{- include "common.ingress.backend" (dict "serviceName" (include "common.names.fullname" $) "servicePort" "http" "context" $) | nindent 14 }} {{- end }} {{- if or (and .Values.ingress.tls (or .Values.ingress.certManager .Values.ingress.selfSigned)) .Values.ingress.extraTls }} tls: diff --git a/bitnami/kubeapps/values.yaml b/bitnami/kubeapps/values.yaml index 2760599a57..a3740de691 100644 --- a/bitnami/kubeapps/values.yaml +++ b/bitnami/kubeapps/values.yaml @@ -413,7 +413,7 @@ dashboard: image: registry: docker.io repository: bitnami/kubeapps-dashboard - tag: 2.4.0-debian-10-r0 + tag: 2.4.0-debian-10-r13 ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images @@ -707,24 +707,28 @@ apprepository: ## @param apprepository.initialRepos [array] Initial chart repositories to configure ## e.g: ## initialRepos: - ## - name: chartmuseum - ## url: https://chartmuseum.default:8080 - ## nodeSelector: - ## somelabel: somevalue - ## # Specify an Authorization Header if you are using an authentication method. - ## authorizationHeader: "Bearer xrxNC..." - ## # If you're providing your own certificates, please use this to add the certificates as secrets. - ## # It should start with -----BEGIN CERTIFICATE----- or - ## # -----BEGIN RSA PRIVATE KEY----- - ## caCert: - ## # Create this apprepository in a custom namespace - ## namespace: - ## # In case of an OCI registry, specify the type - ## type: oci - ## # And specify the list of repositories - ## ociRepositories: - ## - nginx - ## - jenkins + ## - name: chartmuseum + ## url: https://chartmuseum.default:8080 + ## nodeSelector: + ## somelabel: somevalue + ## # Specify an Authorization Header if you are using an authentication method: + ## authorizationHeader: "Bearer xrxNC..." + ## # Specify the credentials if you are using a basic authentication method: + ## basicAuth: + ## user: + ## password: + ## # If you're providing your own certificates, please use this to add the certificates as secrets. + ## # It should start with -----BEGIN CERTIFICATE----- or + ## # -----BEGIN RSA PRIVATE KEY----- + ## caCert: + ## # Create this apprepository in a custom namespace + ## namespace: + ## # In case of an OCI registry, specify the type + ## type: oci + ## # And specify the list of repositories + ## ociRepositories: + ## - nginx + ## - jenkins ## initialRepos: - name: bitnami @@ -1372,7 +1376,7 @@ pinnipedProxy: image: registry: docker.io repository: bitnami/kubeapps-pinniped-proxy - tag: 2.4.0-debian-10-r1 + tag: 2.4.0-debian-10-r15 ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images @@ -1568,7 +1572,7 @@ kubeappsapis: image: registry: docker.io repository: bitnami/kubeapps-apis - tag: 2.4.0-debian-10-r1 + tag: 2.4.0-debian-10-r15 ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images