diff --git a/charts/etcd/Chart.yaml b/charts/etcd/Chart.yaml index d797d8f9b03e208b0e8c1ec03f2fc09db9ba680f..72e56f63fae7ce6cf765cea39f4b4b97cf47813e 100644 --- a/charts/etcd/Chart.yaml +++ b/charts/etcd/Chart.yaml @@ -7,6 +7,6 @@ type: application maintainers: - name: groundhog2k -version: 0.1.5 +version: "0.1.6" appVersion: "v3.5.9" diff --git a/charts/etcd/README.md b/charts/etcd/README.md index bc822027c0d108e1afc44cb92995bc83faa450f4..51fea0b047046d715a2593c44236362d8d1b6df3 100644 --- a/charts/etcd/README.md +++ b/charts/etcd/README.md @@ -1,6 +1,6 @@ # Etcd -   +   ## Changelog @@ -73,7 +73,10 @@ helm uninstall my-release | customReadinessProbe | object | `{}` | Custom readiness probe (overwrites default readiness probe configuration) | | resources | object | `{}` | Resource limits and requests | | nodeSelector | object | `{}` | Deployment node selector | +| customLabels | object | `{}` | Additional labels for Deployment or StatefulSet | +| customAnnotations | object | `{}` | Additional annotations for Deployment or StatefulSet | | podAnnotations | object | `{}` | Additional pod annotations | +| podLabels | object | `{}` | Additional pod labels | | podSecurityContext | object | `see values.yaml` | Pod security context | | securityContext | object | `see values.yaml` | Container security context | | env | list | `[]` | Additional container environmment variables | 
@@ -84,6 +87,7 @@ helm uninstall my-release | serviceAccount.name | string | `""` | Optional name of the service account | | affinity | object | `{}` | Affinity for pod assignment | | tolerations | list | `[]` | Tolerations for pod assignment | +| topologySpreadConstraints | object | `{}` | Topology spread constraints for pods | | podManagementPolicy | string | `"Parallel"` | Pod management policy | | updateStrategyType | string | `"RollingUpdate"` | Pod update strategy | | replicas | int | `1` | Number of replicas (Due to the nature of etcd cluster initialization this value must be set before deploying the cluster) | @@ -105,6 +109,7 @@ helm uninstall my-release | service.peer.port | int | `2380` | Peer service port | | service.peer.nodePort | int | `nil` | Service node port (only relevant for type LoadBalancer or NodePort)| | service.annotations | object | `{}` | Additional service annotations | +| service.labels | object | `{}` | Additional service labels | ## Service monitor parameters @@ -118,6 +123,16 @@ helm uninstall my-release | serviceMonitor.extraEndpointParameters | object | `nil` | Extra parameters rendered to the [service monitor endpoint](https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#endpoint) | | serviceMonitor.extraParameters | object | `nil` | Extra parameters rendered to the [service monitor object](https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#servicemonitorspec) | +## Network policies + +Allows to define optional network policies for [ingress and egress](https://kubernetes.io/docs/concepts/services-networking/network-policies/) +The policyTypes will be automatically set + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| networkPolicy.ingress | object | `{}` | Ingress network policies | +| networkPolicy.egress | object | `{}` | Egress network policies | + ## Storage parameters | Key | Type | Default | Description | 
@@ -127,6 +142,8 @@ helm uninstall my-release | storage.persistentVolumeClaimName | string | `nil` | PVC name when existing storage volume should be used | | storage.requestedSize | string | `nil` | Size for new PVC, when no existing PVC is used | | storage.className | string | `nil` | Storage class name | +| storage.annotations | object | `{}` | Additional storage annotations | +| storage.labels | object | `{}` | Additional storage labels | ## Etcd settings diff --git a/charts/etcd/RELEASENOTES.md b/charts/etcd/RELEASENOTES.md index 2f8c4822bd24b1c14d6d58731ce69e96f41f84f2..bf4c773726768cccfdf3d4e18669ab733453fe87 100644 --- a/charts/etcd/RELEASENOTES.md +++ b/charts/etcd/RELEASENOTES.md @@ -8,4 +8,5 @@ | 0.1.3 | v3.5.7 | Fixed "nil" syntax error for health checks (thx @omegazeng) | | 0.1.4 | v3.5.8 | Upgraded etcd to v3.5.8 | | 0.1.5 | v3.5.9 | Upgraded etcd to v3.5.9 | +| 0.1.6 | v3.5.9 | Added support for network policies and additional labels and annotations | | | | | diff --git a/charts/etcd/templates/networkpolicy.yaml b/charts/etcd/templates/networkpolicy.yaml new file mode 100644 index 0000000000000000000000000000000000000000..404ec450c6899a68b4709243c2667d36936cb275 --- /dev/null +++ b/charts/etcd/templates/networkpolicy.yaml @@ -0,0 +1,25 @@ +{{- with .Values.networkPolicy }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ include "etcd.fullname" $ }} +spec: + podSelector: + matchLabels: + {{- include "etcd.selectorLabels" $ | nindent 6 }} + policyTypes: + {{- if .ingress }} + - Ingress + {{- end }} + {{- if .egress }} + - Egress + {{- end }} + {{- with .ingress }} + ingress: + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .egress }} + egress: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/charts/etcd/templates/service.yaml b/charts/etcd/templates/service.yaml index 94ebe973c2dd4f56580bba48f2f0136f88c5fb15..cc27f61e08c33e9f58ec790188d621bfc04d6d55 100644 --- a/charts/etcd/templates/service.yaml 
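Review bot: In the new `charts/etcd/templates/networkpolicy.yaml`, `policyTypes` is filled from `{{- if .ingress }}` and `{{- if .egress }}`, and an empty list is falsy in Helm. A user who sets `networkPolicy.egress: []` to deny all egress therefore gets a policy without `Egress` in `policyTypes`, and egress stays unrestricted. Testing for key presence keeps that intent: `{{- if hasKey . "ingress" }}` and `{{- if hasKey . "egress" }}`. The existing `with` blocks can stay, because an empty rule list with the type present is how Kubernetes expresses deny-all. The README rows describe both values as `object` with default `{}`, while `spec.ingress` and `spec.egress` are lists of rules, so a comment showing a list-shaped example would help. The ghost and gitea `networkpolicy.yaml` files added later in this diff use the same template and need the same change.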
+++ b/charts/etcd/templates/service.yaml @@ -4,6 +4,9 @@ metadata: name: {{ include "etcd.fullname" . }} labels: {{- include "etcd.labels" . | nindent 4 }} + {{- with .Values.service.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} {{- with .Values.service.annotations }} annotations: {{- toYaml . | nindent 4 }} diff --git a/charts/etcd/templates/statefulset.yaml b/charts/etcd/templates/statefulset.yaml index 08ff228050703593d828dc7d8808d69cb32eb267..1fb1f9cb91bc2208d76de6d1cd00e513209bd14c 100644 --- a/charts/etcd/templates/statefulset.yaml +++ b/charts/etcd/templates/statefulset.yaml @@ -9,6 +9,13 @@ metadata: name: {{ $fullname }} labels: {{- include "etcd.labels" . | nindent 4 }} + {{- with .Values.customLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.customAnnotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} spec: replicas: {{ .Values.replicas }} {{- if .Values.revisionHistoryLimit }} @@ -30,6 +37,9 @@ spec: {{- end }} labels: {{- include "etcd.selectorLabels" . | nindent 8 }} + {{- with .Values.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} spec: {{- with .Values.imagePullSecrets }} imagePullSecrets: @@ -193,6 +203,10 @@ spec: tolerations: {{- toYaml . | nindent 8 }} {{- end }} + {{- with .Values.topologySpreadConstraints }} + topologySpreadConstraints: + {{- toYaml . | nindent 8 }} + {{- end }} volumes: - name: tmp emptyDir: {} @@ -215,6 +229,14 @@ spec: volumeClaimTemplates: - metadata: name: {{ .volumeName }} + {{- with .labels }} + labels: + {{- toYaml . | nindent 10 }} + {{- end }} + {{- with .annotations }} + annotations: + {{- toYaml . | nindent 10 }} + {{- end }} spec: {{- with .accessModes }} accessModes: diff --git a/charts/etcd/values.yaml b/charts/etcd/values.yaml index 8e4a2c57fab7aea9688b611ad20efee59532b67b..d8a38749864bed9bc48e2f03781de61f6a83c512 100644 --- a/charts/etcd/values.yaml +++ b/charts/etcd/values.yaml 
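Review bot: The `podLabels` block added to the pod template in `statefulset.yaml` is written into the same mapping as `etcd.selectorLabels`, so a user key that repeats one of the chart's keys produces a duplicate key in the rendered manifest. Depending on the parser, that is either a render error or a silent last-wins override, and an overridden selector label would probably no longer match the workload's selector. The same append pattern is used for `customLabels` in this file, for `service.labels` in `service.yaml`, and in the ghost, gitea and graylog templates further down. At minimum the constraint should be documented next to the values, for example `## Keys must not repeat labels the chart already sets`. The surrounding template starts and ends outside these hunks, so the helper's actual key set is not visible here.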
@@ -19,6 +19,12 @@ imagePullSecrets: [] nameOverride: "" fullnameOverride: "" +## Additional labels for Deployment or StatefulSet +customLabels: {} + +## Additional annotations for Deployment or StatefulSet +customAnnotations: {} + ## Number of etcd replicas in the cluster ## Due to the nature of etcd cluster initialization this value must be set before deploying the cluster ## Automatic scaling or manually scaling the etcd cluster after first deployment is not supported @@ -37,6 +43,9 @@ serviceAccount: ## Additional pod annotations podAnnotations: {} +## Additional pod labels +podLabels: {} + ## Pod management policy podManagementPolicy: Parallel @@ -83,8 +92,10 @@ service: clusterIP: ## The loadbalancer ip address (only relevant for type LoadBalancer) loadBalancerIP: - # Annotations to add to the service + ## Annotations to add to the service annotations: {} + ## Labels to add to the service + labels: {} ## Service monitor configuration for Prometheus metrics serviceMonitor: @@ -114,10 +125,15 @@ resources: {} ## Additional node selector nodeSelector: {} +## Tolerations for pod assignment tolerations: [] +## Affinity for pod assignment affinity: {} +## Topology spread constraints for pods +topologySpreadConstraints: {} + ## Maximum number of revisions maintained in revision history revisionHistoryLimit: @@ -216,3 +232,15 @@ storage: ## Default access mode (ReadWriteOnce) accessModes: - ReadWriteOnce + + ## Additional storage annotations + annotations: {} + + ## Additional storage labels + labels: {} + +## Network policies +networkPolicy: {} + ## Ingress and Egress policies + # ingress: {} + # egress: {} diff --git a/charts/ghost/Chart.yaml b/charts/ghost/Chart.yaml index 8a370a8ceda37da18f0027e50f40d9ba9dc3f5a9..f801ca113c8bcfe357ee5d899590494614592954 100644 --- a/charts/ghost/Chart.yaml +++ b/charts/ghost/Chart.yaml @@ -7,7 +7,7 @@ type: application maintainers: - name: groundhog2k -version: "0.116.4" +version: "0.116.5" appVersion: "5.75.2" 
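Review bot: `topologySpreadConstraints: {}` in the `@@ -114,10 +125,15 @@` hunk defaults to a map, but the template renders the value directly under the pod spec field of the same name, which Kubernetes defines as a list. `topologySpreadConstraints: []` would match `tolerations: []` just above it and show the expected shape. In the last hunk, the commented `# ingress: {}` and `# egress: {}` examples have the same mismatch, since NetworkPolicy rules are lists. They also sit indented under `networkPolicy: {}`, so uncommenting them without first removing the `{}` gives invalid YAML. Writing the key as `networkPolicy:` followed by commented list examples (`# ingress: []`) would avoid both problems, though the bare key then parses as null rather than an empty map. The ghost and gitea `values.yaml` hunks carry the same defaults.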
diff --git a/charts/ghost/README.md b/charts/ghost/README.md index 9c499137968fb21641ef0125a0fdcbb43ae3f4cc..46650a4af91eb860ea3087bde9cf1366e3f6fc2b 100644 --- a/charts/ghost/README.md +++ b/charts/ghost/README.md @@ -1,6 +1,6 @@ # Ghost -   +   ## Changelog @@ -77,7 +77,10 @@ helm uninstall my-release | customReadinessProbe | object | `{}` | Custom readiness probe (overwrites default readiness probe configuration) | | resources | object | `{}` | Resource limits and requests | | nodeSelector | object | `{}` | Deployment node selector | +| customLabels | object | `{}` | Additional labels for Deployment or StatefulSet | +| customAnnotations | object | `{}` | Additional annotations for Deployment or StatefulSet | | podAnnotations | object | `{}` | Additional pod annotations | +| podLabels | object | `{}` | Additional pod labels | | podSecurityContext | object | `see values.yaml` | Pod security context | | securityContext | object | `see values.yaml` | Container security context | | env | list | `[]` | Additional container environmment variables | @@ -88,6 +91,7 @@ helm uninstall my-release | serviceAccount.annotations | object | `{}` | Additional service account annotations | | affinity | object | `{}` | Affinity for pod assignment | | tolerations | list | `[]` | Tolerations for pod assignment | +| topologySpreadConstraints | object | `{}` | Topology spread constraints for pods | | revisionHistoryLimit | int | `nil` | Maximum number of revisions maintained in revision history ## Service paramters @@ -100,6 +104,7 @@ helm uninstall my-release | service.clusterIP | string | `nil` | The cluster ip address (only relevant for type LoadBalancer or NodePort) | | service.loadBalancerIP | string | `nil` | The load balancer ip address (only relevant for type LoadBalancer) | | service.annotations | object | `{}` | Additional service annotations | +| service.labels | object | `{}` | Additional service labels | ## Ingress parameters 
@@ -108,13 +113,23 @@ helm uninstall my-release | ingress.enabled | bool | `false` | Enable ingress for Ghost service | | ingress.className | object | `{}` | Optional ingress class name | | ingress.annotations | object | `{}` | Additional annotations for ingress | -| ingress.labels | string | `nil` | Additional ingress lables | +| ingress.labels | object | `{}` | Additional ingress lables | | ingress.hosts[0].host | string | `""` | Hostname for the ingress endpoint | | ingress.hosts[0].host.paths[0].path | string | `"/"` | Path of the Ghost UI | | ingress.hosts[0].host.paths[0].pathType | string | `"ImplementationSpecific"` | Ingress path type (ImplementationSpecific, Prefix, Exact) | | ingress.tls | list | `[]` | Ingress TLS parameters | | ingress.maxBodySize | string | `"2m"` | Maximum body size for post requests | +## Network policies + +Allows to define optional network policies for [ingress and egress](https://kubernetes.io/docs/concepts/services-networking/network-policies/) +The policyTypes will be automatically set + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| networkPolicy.ingress | object | `{}` | Ingress network policies | +| networkPolicy.egress | object | `{}` | Egress network policies | + ## Storage parameters | Key | Type | Default | Description | @@ -124,6 +139,8 @@ helm uninstall my-release | storage.requestedSize | string | `nil` | Size for new PVC, when no existing PVC is used | | storage.className | string | `nil` | Storage class name | | storage.keepPvc | bool | `false` | Keep a created Persistent volume claim when uninstalling the helm chart | +| storage.annotations | object | `{}` | Additional storage annotations | +| storage.labels | object | `{}` | Additional storage labels | ## Ghost parameters diff --git a/charts/ghost/RELEASENOTES.md b/charts/ghost/RELEASENOTES.md index d4dfec077cbb95b28c1f6773cc9c139119d257c5..f7f6b4e6d2e249cf69f64733bf8e7825a96e2705 100644 --- a/charts/ghost/RELEASENOTES.md 
+++ b/charts/ghost/RELEASENOTES.md @@ -181,4 +181,5 @@ | 0.116.2 | 5.75.2 | Upgraded to Ghost 5.75.2 | | 0.116.3 | 5.75.2 | Added optional ingressClassName and removed deprecated api support | | 0.116.4 | 5.75.2 | Refactored ingress configuration and added optional labels and pathType | +| 0.116.5 | 5.75.2 | Added support for network policies and additional labels and annotations | | | | | diff --git a/charts/ghost/templates/deployment.yaml b/charts/ghost/templates/deployment.yaml index 706fd7b51825cb2187bd86e5f530753da3b8232c..ec6b36ff4816892e7c7d166dc601b527c22b44d2 100644 --- a/charts/ghost/templates/deployment.yaml +++ b/charts/ghost/templates/deployment.yaml @@ -4,6 +4,13 @@ metadata: name: {{ include "ghost.fullname" . }} labels: {{- include "ghost.labels" . | nindent 4 }} + {{- with .Values.customLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.customAnnotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} spec: replicas: 1 {{- if .Values.revisionHistoryLimit }} @@ -20,11 +27,14 @@ spec: metadata: annotations: checksum/secureconfig: {{ include (print $.Template.BasePath "/secureconfig.yaml") . | sha256sum }} - {{- with .Values.podAnnotations }} + {{- with .Values.podAnnotations }} {{- toYaml . | nindent 8 }} - {{- end }} + {{- end }} labels: {{- include "ghost.selectorLabels" . | nindent 8 }} + {{- with .Values.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} spec: {{- with .Values.imagePullSecrets }} imagePullSecrets: @@ -186,6 +196,10 @@ spec: tolerations: {{- toYaml . | nindent 8 }} {{- end }} + {{- with .Values.topologySpreadConstraints }} + topologySpreadConstraints: + {{- toYaml . | nindent 8 }} + {{- end }} volumes: - name: tmp emptyDir: {} diff --git a/charts/ghost/templates/networkpolicy.yaml b/charts/ghost/templates/networkpolicy.yaml new file mode 100644 index 0000000000000000000000000000000000000000..e5ae363c0d33cc2099faa17b7fb850d3d483bf44 --- /dev/null +++ b/charts/ghost/templates/networkpolicy.yaml 
@@ -0,0 +1,25 @@ +{{- with .Values.networkPolicy }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ include "ghost.fullname" $ }} +spec: + podSelector: + matchLabels: + {{- include "ghost.selectorLabels" $ | nindent 6 }} + policyTypes: + {{- if .ingress }} + - Ingress + {{- end }} + {{- if .egress }} + - Egress + {{- end }} + {{- with .ingress }} + ingress: + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .egress }} + egress: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/charts/ghost/templates/pvc.yaml b/charts/ghost/templates/pvc.yaml index c0cff68ff0947d4bbc196b14e20ae9100c35fb97..0eb2b99a89d9a6ca8ce61743c17086650c472b64 100644 --- a/charts/ghost/templates/pvc.yaml +++ b/charts/ghost/templates/pvc.yaml @@ -6,10 +6,18 @@ metadata: name: {{ include "ghost.fullname" . }} labels: {{- include "ghost.labels" . | nindent 4 }} - {{- if .Values.storage.keepPvc }} + {{- with .Values.storage.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- if or .Values.storage.keepPvc .Values.storage.annotations }} annotations: + {{- if .Values.storage.keepPvc }} "helm.sh/resource-policy": keep {{- end }} + {{- with .Values.storage.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- end }} spec: {{- with .Values.storage }} accessModes: diff --git a/charts/ghost/templates/service.yaml b/charts/ghost/templates/service.yaml index fa395fce9b194229d732751e24600130c192e7a8..435745b50611185f227333e1e8b18ea6d1faa7e7 100644 --- a/charts/ghost/templates/service.yaml +++ b/charts/ghost/templates/service.yaml @@ -4,6 +4,9 @@ metadata: name: {{ include "ghost.fullname" . }} labels: {{- include "ghost.labels" . | nindent 4 }} + {{- with .Values.service.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} {{- with .Values.service.annotations }} annotations: {{- toYaml . | nindent 4 }} 
diff --git a/charts/ghost/values.yaml b/charts/ghost/values.yaml index abd42aacc9054426ae17c1564072fd9c17d5031a..1518bc63ef2405b0e5144b55bad1855aa78fd919 100644 --- a/charts/ghost/values.yaml +++ b/charts/ghost/values.yaml @@ -12,6 +12,12 @@ imagePullSecrets: [] nameOverride: "" fullnameOverride: "" +## Additional labels for Deployment or StatefulSet +customLabels: {} + +## Additional annotations for Deployment or StatefulSet +customAnnotations: {} + ## Pod deployment strategy strategy: {} @@ -27,6 +33,9 @@ serviceAccount: podAnnotations: {} +## Additional pod labels +podLabels: {} + ## Pod security options (default: ghost as fsGroup) podSecurityContext: fsGroup: 1000 @@ -50,8 +59,10 @@ service: clusterIP: ## The loadbalancer ip address (only relevant for type LoadBalancer) loadBalancerIP: - # Annotations to add to the service + ## Annotations to add to the service annotations: {} + ## Labels to add to the service + labels: {} ## Ingress configuration ingress: @@ -97,10 +108,15 @@ resources: {} ## Additional node selector nodeSelector: {} +## Tolerations for pod assignment tolerations: [] +## Affinity for pod assignment affinity: {} +## Topology spread constraints for pods +topologySpreadConstraints: {} + ## Maximum number of revisions maintained in revision history revisionHistoryLimit: @@ -207,6 +223,13 @@ storage: ## Keep a created Persistent volume claim when uninstalling the helm chart keepPvc: false + ## Additional storage annotations + annotations: {} + + ## Additional storage labels + labels: {} + + ## MariaDB configuration mariadb: ## Enable MariaDB helm chart for deployment (default: false) @@ -255,3 +278,15 @@ mysql: ## the storage class name className: + + ## Additional storage annotations + annotations: {} + + ## Additional storage labels + labels: {} + +## Network policies +networkPolicy: {} + ## Ingress and Egress policies + # ingress: {} + # egress: {} 
diff --git a/charts/gitea/Chart.yaml b/charts/gitea/Chart.yaml index 5fd0ac771f936d25f7b1fc39d2e11836894606f8..ded6ab5832353bc388e60e97c3e95f5a9acb32bd 100644 --- a/charts/gitea/Chart.yaml +++ b/charts/gitea/Chart.yaml @@ -8,7 +8,7 @@ maintainers: - name: groundhog2k # This is the chart version -version: "0.10.5" +version: "0.10.6" # This is the version number of the application being deployed. appVersion: "1.21.3" diff --git a/charts/gitea/README.md b/charts/gitea/README.md index a47c70643ea2a14a3c43a17bd2f5e45334464f64..065f274f204810818ce92acb9858b8c79c43cf8e 100644 --- a/charts/gitea/README.md +++ b/charts/gitea/README.md @@ -1,6 +1,6 @@ # Gitea -   +   ## Changelog @@ -76,7 +76,10 @@ helm uninstall my-release | customReadinessProbe | object | `{}` | Custom readiness probe (overwrites default readiness probe configuration) | | resources | object | `{}` | Resource limits and requests | | nodeSelector | object | `{}` | Deployment node selector | +| customLabels | object | `{}` | Additional labels for Deployment or StatefulSet | +| customAnnotations | object | `{}` | Additional annotations for Deployment or StatefulSet | | podAnnotations | object | `{}` | Additional pod annotations | +| podLabels | object | `{}` | Additional pod labels | | podSecurityContext | object | `see values.yaml` | Pod security context | | securityContext | object | `see values.yaml` | Container security context | | env | list | `[]` | Additional container environmment variables | 
@@ -86,6 +89,7 @@ helm uninstall my-release | serviceAccount.annotations | object | `{}` | Additional service account annotations | | affinity | object | `{}` | Affinity for pod assignment | | tolerations | list | `[]` | Tolerations for pod assignment | +| topologySpreadConstraints | object | `{}` | Topology spread constraints for pods | | containerHttpPort | int | `8000` | Internal http container port | | containerSshPort | int | `8022` | Internal ssh container port | | revisionHistoryLimit | int | `nil` | Maximum number of revisions maintained in revision history @@ -100,12 +104,14 @@ helm uninstall my-release | services.http.clusterIP | int | `nil` | Gitea HTTP ClusterIP (only relevant for type LoadBalancer or NodePort) | | services.http.loadBalancerIP | string | `nil` | The load balancer ip address (only relevant for type LoadBalancer) | | services.http.annotations | object | `{}` | Additional service annotations | +| services.http.labels | object | `{}` | Additional service labels | | services.ssh.type | string | `"ClusterIP"` | Service type | | services.ssh.port | int | `22` | Gitea SSH service port | | services.ssh.nodePort | int | `nil` | Gitea SSH NodePort (only relevant for type LoadBalancer or NodePort) | | services.ssh.clusterIP | int | `nil` | Gitea SSH ClusterIP (only relevant for type LoadBalancer or NodePort) | | services.ssh.loadBalancerIP | string | `nil` | The load balancer ip address (only relevant for type LoadBalancer) | | services.ssh.annotations | object | `{}` | Additional service annotations | +| services.ssh.labels | object | `{}` | Additional service labels | ## Ingress parameters 
@@ -113,14 +119,24 @@ helm uninstall my-release |-----|------|---------|-------------| | ingress.enabled | bool | `false` | Enable ingress for Gitea service | | ingress.className | string | `nil` | Optional ingress class name | -| ingress.annotations | string | `nil` | Additional annotations for ingress | -| ingress.labels | string | `nil` | Additional ingress lables | +| ingress.annotations | object | `{}` | Additional annotations for ingress | +| ingress.labels | object | `{}` | Additional ingress lables | | ingress.hosts[0].host | string | `""` | Hostname for the ingress endpoint | | ingress.hosts[0].host.paths[0].path | string | `"/"` | Path of the Gitea UI | | ingress.hosts[0].host.paths[0].pathType | string | `"ImplementationSpecific"` | Ingress path type (ImplementationSpecific, Prefix, Exact) | | ingress.tls | list | `[]` | Ingress TLS parameters | | ingress.maxBodySize | string | `"64m"` | Maximum body size for post requests | +## Network policies + +Allows to define optional network policies for [ingress and egress](https://kubernetes.io/docs/concepts/services-networking/network-policies/) +The policyTypes will be automatically set + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| networkPolicy.ingress | object | `{}` | Ingress network policies | +| networkPolicy.egress | object | `{}` | Egress network policies | + ## Redis session cache | Key | Type | Default | Description | @@ -190,3 +206,5 @@ It's recommended to set the following Gitea configuration parameters: | storage.requestedSize | string | `nil` | Size for new PVC, when no existing PVC is used | | storage.className | string | `nil` | Storage class name | | storage.keepPvc | bool | `false` | Keep a created Persistent volume claim when uninstalling the helm chart | +| storage.annotations | object | `{}` | Additional storage annotations | +| storage.labels | object | `{}` | Additional storage labels | 
diff --git a/charts/gitea/RELEASENOTES.md b/charts/gitea/RELEASENOTES.md index 7f8358a5868320b0c4cc878d7317edc44c0ccabd..6eda3eaccfe9b9a3ee3fdd41a82ee96a90669210 100644 --- a/charts/gitea/RELEASENOTES.md +++ b/charts/gitea/RELEASENOTES.md @@ -66,4 +66,5 @@ | 0.10.3 | 1.21.3 | Updated to Gitea 1.21.3 | | 0.10.4 | 1.21.3 | Added optional ingressClassName and removed deprecated api support | | 0.10.5 | 1.21.3 | Refactored ingress configuration and added optional labels and pathType | +| 0.10.6 | 1.21.3 | Added support for network policies and additional labels and annotations | | | | | diff --git a/charts/gitea/templates/deployment.yaml b/charts/gitea/templates/deployment.yaml index 829d8b35c042057077e0cf5f11a190e3d0b27091..302155909e0634084a0bb7f060574c35709ac417 100644 --- a/charts/gitea/templates/deployment.yaml +++ b/charts/gitea/templates/deployment.yaml @@ -4,6 +4,13 @@ metadata: name: {{ include "gitea.fullname" . }} labels: {{- include "gitea.labels" . | nindent 4 }} + {{- with .Values.customLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.customAnnotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} spec: replicas: 1 {{- if .Values.revisionHistoryLimit }} @@ -21,11 +28,14 @@ spec: annotations: checksum/secureconfig: {{ include (print $.Template.BasePath "/secureconfig.yaml") . | sha256sum }} checksum/scripts: {{ include (print $.Template.BasePath "/scripts.yaml") . | sha256sum }} - {{- with .Values.podAnnotations }} + {{- with .Values.podAnnotations }} {{- toYaml . | nindent 8 }} - {{- end }} + {{- end }} labels: {{- include "gitea.selectorLabels" . | nindent 8 }} + {{- with .Values.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} spec: {{- with .Values.imagePullSecrets }} imagePullSecrets: 
@@ -153,6 +163,10 @@ spec: tolerations: {{- toYaml . | nindent 8 }} {{- end }} + {{- with .Values.topologySpreadConstraints }} + topologySpreadConstraints: + {{- toYaml . | nindent 8 }} + {{- end }} volumes: - name: run emptyDir: {} diff --git a/charts/gitea/templates/networkpolicy.yaml b/charts/gitea/templates/networkpolicy.yaml new file mode 100644 index 0000000000000000000000000000000000000000..e52e8f513e484b7ec3f3fa4c968acceddc573792 --- /dev/null +++ b/charts/gitea/templates/networkpolicy.yaml @@ -0,0 +1,25 @@ +{{- with .Values.networkPolicy }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ include "gitea.fullname" $ }} +spec: + podSelector: + matchLabels: + {{- include "gitea.selectorLabels" $ | nindent 6 }} + policyTypes: + {{- if .ingress }} + - Ingress + {{- end }} + {{- if .egress }} + - Egress + {{- end }} + {{- with .ingress }} + ingress: + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .egress }} + egress: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/charts/gitea/templates/pvc.yaml b/charts/gitea/templates/pvc.yaml index 19dd83076be83b81f23398f17e528d7a89e605f9..8dde989ef2b7792437d38286aaf16515e1f32ae9 100644 --- a/charts/gitea/templates/pvc.yaml +++ b/charts/gitea/templates/pvc.yaml @@ -6,10 +6,18 @@ metadata: name: {{ include "gitea.fullname" . }} labels: {{- include "gitea.labels" . | nindent 4 }} - {{- if .Values.storage.keepPvc }} + {{- with .Values.storage.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- if or .Values.storage.keepPvc .Values.storage.annotations }} annotations: + {{- if .Values.storage.keepPvc }} "helm.sh/resource-policy": keep {{- end }} + {{- with .Values.storage.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- end }} spec: {{- with .Values.storage }} accessModes: diff --git a/charts/gitea/templates/services.yaml b/charts/gitea/templates/services.yaml index 20d4ab989b47f7cdbee47e2b6f662030690c5f41..c71eb9ec145a24ebf5b82b60beff68f024f922c8 100644 
--- a/charts/gitea/templates/services.yaml +++ b/charts/gitea/templates/services.yaml @@ -4,6 +4,9 @@ metadata: name: {{ include "gitea.fullname" . }}-http labels: {{- include "gitea.labels" . | nindent 4 }} + {{- with .Values.services.http.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} {{- with .Values.services.http.annotations }} annotations: {{- toYaml . | nindent 4 }} @@ -33,6 +36,9 @@ metadata: name: {{ include "gitea.fullname" . }}-ssh labels: {{- include "gitea.labels" . | nindent 4 }} + {{- with .Values.services.ssh.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} {{- with .Values.services.ssh.annotations }} annotations: {{- toYaml . | nindent 4 }} diff --git a/charts/gitea/values.yaml b/charts/gitea/values.yaml index 8593c6e312d372001da11cc8d5085624c4bc6b17..e5dc15b9490ec4869aa525b2751a9f5022f2687d 100644 --- a/charts/gitea/values.yaml +++ b/charts/gitea/values.yaml @@ -13,6 +13,12 @@ imagePullSecrets: [] nameOverride: "" fullnameOverride: "" +## Additional labels for Deployment or StatefulSet +customLabels: {} + +## Additional annotations for Deployment or StatefulSet +customAnnotations: {} + ## Pod deployment strategy strategy: type: Recreate @@ -30,6 +36,9 @@ serviceAccount: ## Additional pod annotations podAnnotations: {} +## Additional pod labels +podLabels: {} + ## Pod security options (default: fsGroup) podSecurityContext: fsGroup: 1000 @@ -54,8 +63,11 @@ services: clusterIP: ## The loadbalancer ip address (only relevant for type LoadBalancer) loadBalancerIP: - # Annotations to add to the http service + ## Annotations to add to the http service annotations: {} + ## Labels to add to the service + labels: {} + ssh: type: ClusterIP port: 22 @@ -65,8 +77,10 @@ services: clusterIP: ## The loadbalancer ip address (only relevant for type LoadBalancer) loadBalancerIP: - # Annotations to add to the ssh service + ## Annotations to add to the ssh service annotations: {} + ## Labels to add to the service + labels: {} ## Ingress configuration ingress: 
@@ -147,10 +161,15 @@ readinessProbe: ## Additional node selector nodeSelector: {} +## Tolerations for pod assignment tolerations: [] +## Affinity for pod assignment affinity: {} +## Topology spread constraints for pods +topologySpreadConstraints: {} + ## Maximum number of revisions maintained in revision history revisionHistoryLimit: @@ -299,6 +318,12 @@ storage: ## Keep a created Persistent volume claim when uninstalling the helm chart keepPvc: false + ## Additional storage annotations + annotations: {} + + ## Additional storage labels + labels: {} + ## MariaDB configuration mariadb: ## Enable MariaDB helm chart for deployment (default: false) @@ -334,6 +359,12 @@ mariadb: ## the storage class name className: + ## Additional storage annotations + annotations: {} + + ## Additional storage labels + labels: {} + ## PostgreSQL configuration postgres: ## Enable PostgreSQL helm chart for deployment (default: false) @@ -365,6 +396,12 @@ postgres: ## the storage class name className: + ## Additional storage annotations + annotations: {} + + ## Additional storage labels + labels: {} + ## Redis configuration redis: ## Enable Redis helm chart for deployment (default: false) @@ -380,3 +417,15 @@ redis: ## the storage class name className: + + ## Additional storage annotations + annotations: {} + + ## Additional storage labels + labels: {} + +## Network policies +networkPolicy: {} + ## Ingress and Egress policies + # ingress: {} + # egress: {} diff --git a/charts/graylog/Chart.yaml b/charts/graylog/Chart.yaml index fd2933c68186d9f6db7f96719c0740dd680ee33b..ea8f023ff6c5d4d1e9c5b710a4d41abca964bbfb 100644 --- a/charts/graylog/Chart.yaml +++ b/charts/graylog/Chart.yaml @@ -7,7 +7,7 @@ type: application maintainers: - name: groundhog2k -version: "0.7.5" +version: "0.7.6" appVersion: "5.2.2" diff --git a/charts/graylog/README.md b/charts/graylog/README.md index a4d26bb680a357c76d52df08748e72b532b78f55..9790e42f2c684ac16f6144dce329dc2b9695cd0c 100644 --- a/charts/graylog/README.md 
+++ b/charts/graylog/README.md @@ -1,6 +1,6 @@ # Graylog -   +   ## Changelog @@ -75,7 +75,10 @@ helm uninstall my-release | customReadinessProbe | object | `{}` | Custom readiness probe (overwrites default readiness probe configuration) | | resources | object | `{}` | Resource limits and requests | | nodeSelector | object | `{}` | Deployment node selector | +| customLabels | object | `{}` | Additional labels for Deployment or StatefulSet | +| customAnnotations | object | `{}` | Additional annotations for Deployment or StatefulSet | | podAnnotations | object | `{}` | Additional pod annotations | +| podLabels | object | `{}` | Additional pod labels | | podSecurityContext | object | `see values.yaml` | Pod security context | | securityContext | object | `see values.yaml` | Container security context | | env | list | `[]` | Additional container environmment variables | @@ -85,6 +88,7 @@ helm uninstall my-release | serviceAccount.name | string | `""` | Name of the service account | | affinity | object | `{}` | Pod affinity | | tolerations | list | `[]` | Pod tolerations | +| topologySpreadConstraints | object | `{}` | Topology spread constraints for pods | | podManagementPolicy | string | `OrderedReady` | Pod management policy | | updateStrategyType | string | `RollingUpdate` | Update strategy | | replicaCount | int | `1` | Number of replicas (Not supported - Don't change in this chart version) | @@ -103,6 +107,7 @@ helm uninstall my-release | service.clusterIP | string | `nil` | The cluster ip address (only relevant for type LoadBalancer or NodePort) | | service.loadBalancerIP | string | `nil` | The load balancer ip address (only relevant for type LoadBalancer) | | service.annotations | object | `{}` | Additional service annotations | +| service.labels | object | `{}` | Additional service labels | ## Extra service parameters 
@@ -119,6 +124,7 @@ Section to define all additional UDP/TCP inputs for Graylog | extraServices[].clusterIP | string | `nil` | The cluster ip address (only relevant for type LoadBalancer or NodePort) | | extraServices[].loadBalancerIP | string | `nil` | The load balancer ip address (only relevant for type LoadBalancer) | | extraServices[].annotations | object | `{}` | Additional service annotations | +| extraServices[].labels | object | `{}` | Additional service labels | ## Ingress parameters @@ -126,11 +132,22 @@ Section to define all additional UDP/TCP inputs for Graylog |-----|------|---------|-------------| | ingress.enabled | bool | `false` | Enable ingress for Gitea service | | ingress.className | string | `nil` | Optional ingress class name | -| ingress.annotations | string | `nil` | Additional annotations for ingress | +| ingress.annotations | object | `{}` | Additional annotations for ingress | +| ingress.labels | object | `{}` | Additional ingress lables | | ingress.hosts[].host | string | `nil` | Hostname for the ingress endpoint | | ingress.hosts[].host.paths[] | string | `nil` | Path routing for the ingress endpoint host | | ingress.tls | list | `[]` | Ingress TLS parameters | +## Network policies + +Allows to define optional network policies for [ingress and egress](https://kubernetes.io/docs/concepts/services-networking/network-policies/) +The policyTypes will be automatically set + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| networkPolicy.ingress | object | `{}` | Ingress network policies | +| networkPolicy.egress | object | `{}` | Egress network policies | + ## Database settings | Key | Type | Default | Description | 
@@ -166,8 +183,11 @@ Section to define all additional UDP/TCP inputs for Graylog |-----|------|---------|-------------| | storage.accessModes[0] | string | `"ReadWriteOnce"` | Storage access mode | | storage.persistentVolumeClaimName | string | `nil` | PVC name when existing storage volume should be used | +| storage.volumeName | string | `"graylog-volume"` | Internal volume name | | storage.requestedSize | string | `nil` | Size for new PVC, when no existing PVC is used | | storage.className | string | `nil` | Storage class name | +| storage.annotations | object | `{}` | Additional storage annotations | +| storage.labels | object | `{}` | Additional storage labels | ## Graylog parameters diff --git a/charts/graylog/RELEASENOTES.md b/charts/graylog/RELEASENOTES.md index 4ad66062c194e394874b0519ff2ff7e25fcafac3..683c2c16ce6c11841b964b859bd1a5f373b1ab4a 100644 --- a/charts/graylog/RELEASENOTES.md +++ b/charts/graylog/RELEASENOTES.md @@ -62,4 +62,5 @@ | 0.7.3 | 5.2.2 | Added optional ingressClassName and removed deprecated api support | | 0.7.4 | 5.2.2 | Removed elasticsearch dependency and updated mongodb to 0.5.20 | | 0.7.5 | 5.2.2 | Refactored ingress configuration and added optional labels and pathType | +| 0.7.6 | 5.2.2 | Added support for network policies and additional labels and annotations | | | | | diff --git a/charts/graylog/templates/extraservices.yaml b/charts/graylog/templates/extraservices.yaml index aca4ed10ab4a5b558057c0399619fe0f87286cdc..04e13310efec3cd121c204dc7a9c88c436ad4dbf 100644 --- a/charts/graylog/templates/extraservices.yaml +++ b/charts/graylog/templates/extraservices.yaml @@ -8,6 +8,9 @@ metadata: name: {{ $fullname }}-{{ $service.name }} labels: {{- $labels | nindent 4 }} + {{- with $service.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} {{- with $service.annotations }} annotations: {{- toYaml . | nindent 4 }} 
diff --git a/charts/graylog/templates/networkpolicy.yaml b/charts/graylog/templates/networkpolicy.yaml new file mode 100644 index 0000000000000000000000000000000000000000..96df4234cd7dcb140124cc7216220e3e090dc37f --- /dev/null +++ b/charts/graylog/templates/networkpolicy.yaml @@ -0,0 +1,25 @@ +{{- with .Values.networkPolicy }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ include "graylog.fullname" $ }} +spec: + podSelector: + matchLabels: + {{- include "graylog.selectorLabels" $ | nindent 6 }} + policyTypes: + {{- if .ingress }} + - Ingress + {{- end }} + {{- if .egress }} + - Egress + {{- end }} + {{- with .ingress }} + ingress: + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .egress }} + egress: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/charts/graylog/templates/service.yaml b/charts/graylog/templates/service.yaml index 43e5541f969797a74b6fd2b50852cd079c0e8542..b3ab428277700a1ba63f74be15bf413a66a180a3 100644 --- a/charts/graylog/templates/service.yaml +++ b/charts/graylog/templates/service.yaml @@ -4,6 +4,9 @@ metadata: name: {{ include "graylog.fullname" . }} labels: {{- include "graylog.labels" . | nindent 4 }} + {{- with .Values.service.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} {{- with .Values.service.annotations }} annotations: {{- toYaml . | nindent 4 }} diff --git a/charts/graylog/templates/statefulset.yaml b/charts/graylog/templates/statefulset.yaml index 221d18e0b8ac3ca1092f9ef345016bcdb2fbeeb1..830825d10d66c37ba0aaccf4a0663c486f430224 100644 --- a/charts/graylog/templates/statefulset.yaml +++ b/charts/graylog/templates/statefulset.yaml @@ -4,6 +4,13 @@ metadata: name: {{ include "graylog.fullname" . }} labels: {{- include "graylog.labels" . | nindent 4 }} + {{- with .Values.customLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.customAnnotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} spec: selector: matchLabels: 
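Review bot: The `policyTypes` entries in the new networkpolicy.yaml are gated on `{{- if .ingress }}` and `{{- if .egress }}`, so an intentionally empty rule list (the usual way to express default-deny for one direction) is treated as unset and its policy type is never emitted. With `networkPolicy.egress: []` next to some ingress rules, the rendered object lists only `Ingress` and egress from the pods stays unrestricted. Keying the checks on key presence instead of truthiness, as sketched below, lets an empty list render as `egress: []` with `- Egress` listed. Separately, NetworkPolicy `ingress`/`egress` are lists of rules, so the commented examples added to charts/graylog/values.yaml would be clearer as `# ingress: []` and `# egress: []`, and the README rows as type `list`.

```yaml
# … unchanged: apiVersion, kind, metadata, podSelector …
  policyTypes:
    {{- if hasKey . "ingress" }}
    - Ingress
    {{- end }}
    {{- if hasKey . "egress" }}
    - Egress
    {{- end }}
  {{- if hasKey . "ingress" }}
  ingress:
    {{- toYaml .ingress | nindent 4 }}
  {{- end }}
  {{- if hasKey . "egress" }}
  egress:
    {{- toYaml .egress | nindent 4 }}
  {{- end }}
# … unchanged: closing end of the with block …
```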
@@ -21,11 +28,14 @@ spec: annotations: checksum/secureconfig: {{ include (print $.Template.BasePath "/secureconfig.yaml") . | sha256sum }} checksum/geopipsecrets: {{ include (print $.Template.BasePath "/geoipsecrets.yaml") . | sha256sum }} - {{- with .Values.podAnnotations }} + {{- with .Values.podAnnotations }} {{- toYaml . | nindent 8 }} - {{- end }} + {{- end }} labels: {{- include "graylog.selectorLabels" . | nindent 8 }} + {{- with .Values.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} spec: {{- with .Values.imagePullSecrets }} imagePullSecrets: @@ -189,6 +199,10 @@ spec: tolerations: {{- toYaml . | nindent 8 }} {{- end }} + {{- with .Values.topologySpreadConstraints }} + topologySpreadConstraints: + {{- toYaml . | nindent 8 }} + {{- end }} volumes: - name: tmp emptyDir: {} 
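Review bot: `podLabels` is appended with `toYaml` directly after `include "graylog.selectorLabels"`, so a user-supplied key that matches one of the selector labels is rendered as a duplicate mapping key in the pod template. Which value survives then depends on the YAML parser, and both the StatefulSet selector and the new NetworkPolicy `podSelector` are built from those same selector labels (their keys are defined outside this diff). One option is to merge with the chart's labels taking precedence, e.g. `{{- merge (include "graylog.selectorLabels" . | fromYaml) .Values.podLabels | toYaml | nindent 8 }}`, or at least to state in values.yaml that `podLabels` must not reuse selector label keys. The same append pattern is used for `customLabels` and `service.labels` in this chart and in the mariadb templates.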
@@ -199,29 +213,39 @@ spec: - name: scripts configMap: name: {{ include "graylog.fullname" . }}-scripts - defaultMode: 0555 - {{- if .Values.storage.persistentVolumeClaimName }} - - name: graylog-volume + defaultMode: 0555 +{{- with .Values.storage }} + {{- $createPvc := and (empty .persistentVolumeClaimName) .requestedSize }} + {{- if not $createPvc }} + - name: {{ .volumeName }} + {{- if .persistentVolumeClaimName }} persistentVolumeClaim: - claimName: {{ .Values.storage.persistentVolumeClaimName }} - {{- else }} - {{- if not .Values.storage.requestedSize }} - - name: graylog-volume + claimName: {{ .persistentVolumeClaimName }} + {{- else }} emptyDir: {} + {{- end }} {{- else }} volumeClaimTemplates: - metadata: - name: graylog-volume + name: {{ .volumeName }} + {{- with .labels }} + labels: + {{- toYaml . | nindent 10 }} + {{- end }} + {{- with .annotations }} + annotations: + {{- toYaml . | nindent 10 }} + {{- end }} spec: - {{- with .Values.storage.accessModes }} + {{- with .accessModes }} accessModes: {{- toYaml . | nindent 10 }} {{- end }} - {{- if .Values.storage.className }} - storageClassName: {{ .Values.storage.className }} + {{- if .className }} + storageClassName: {{ .className }} {{- end }} resources: requests: - storage: {{ .Values.storage.requestedSize }} + storage: {{ .requestedSize }} {{- end }} - {{- end }} \ No newline at end of file +{{- end }} diff --git a/charts/graylog/values.yaml b/charts/graylog/values.yaml index bae23a0ee588864abe3335f221e310359bbb0ae7..a3656b55530db4f1ea467f2eaf651181168ea6de 100644 --- a/charts/graylog/values.yaml +++ b/charts/graylog/values.yaml @@ -19,6 +19,12 @@ imagePullSecrets: [] nameOverride: "" fullnameOverride: "" +## Additional labels for Deployment or StatefulSet +customLabels: {} + +## Additional annotations for Deployment or StatefulSet +customAnnotations: {} + ## Optional service account serviceAccount: # Specifies whether a service account should be created 
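Review bot: The volume name in `volumes` and `volumeClaimTemplates` now comes from `{{ .volumeName }}`, but the container's `volumeMounts` entry sits outside this hunk, so it is not visible whether it was switched away from the literal `graylog-volume` as well; if it was not, any non-default `storage.volumeName` renders a pod that mounts a volume that does not exist. The value is also emitted unquoted and without a fallback, so an empty or null override renders `- name:` with no value; `- name: {{ .volumeName | default "graylog-volume" | quote }}` in both places would keep the manifest valid. Because `volumeClaimTemplates` cannot be changed on an existing StatefulSet, a sentence in values.yaml saying that `volumeName` should only be set at first install would help.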
@@ -31,6 +37,9 @@ serviceAccount: podAnnotations: {} +## Additional pod labels +podLabels: {} + ## Pod management policy podManagementPolicy: OrderedReady @@ -63,8 +72,10 @@ service: clusterIP: ## The loadbalancer ip address (only relevant for type LoadBalancer) loadBalancerIP: - # Annotations to add to the service + ## Annotations to add to the service annotations: {} + ## Labels to add to the service + labels: {} ## List of extra service ports extraServices: {} @@ -85,6 +96,8 @@ extraServices: {} # loadBalancerIP: ## Annotations to add to the service # annotations: {} + ## Labels to add to the service +# labels: {} ## Ingress configuration ingress: @@ -127,10 +140,15 @@ resources: {} ## Additional node selector nodeSelector: {} +## Tolerations for pod assignment tolerations: [] +## Affinity for pod assignment affinity: {} +## Topology spread constraints for pods +topologySpreadConstraints: {} + ## Maximum number of revisions maintained in revision history revisionHistoryLimit: @@ -255,6 +273,9 @@ storage: ## Set persistentVolumenClaimName to reference an existing PVC persistentVolumeClaimName: + ## Internal volume name + volumeName: "graylog-volume" + ## Alternative set requestedSize to define a size for a dynmaically created PVC requestedSize: @@ -265,6 +286,12 @@ storage: accessModes: - ReadWriteOnce + ## Additional storage annotations + annotations: {} + + ## Additional storage labels + labels: {} + ## MongoDB configuration mongodb: ## Enable MongoDB helm chart for deployment (default: false) @@ -312,3 +339,15 @@ mongodb: ## Default access mode (ReadWriteOnce) accessModes: - ReadWriteOnce + + ## Additional storage annotations + annotations: {} + + ## Additional storage labels + labels: {} + +## Network policies +networkPolicy: {} + ## Ingress and Egress policies + # ingress: {} + # egress: {} diff --git a/charts/mariadb/Chart.yaml b/charts/mariadb/Chart.yaml index 7cdc7a723daac4b4280cfe37526a06290cf60993..7d32cdb10dbe9736259df29232140bccf4920ba0 100644 
--- a/charts/mariadb/Chart.yaml +++ b/charts/mariadb/Chart.yaml @@ -13,7 +13,7 @@ keywords: - mariadb - mysql -version: "2.1.1" +version: "2.1.2" appVersion: "11.1.3" icon: https://mariadb.com/wp-content/uploads/2019/11/mariadb-logo_black-transparent-600x150.png diff --git a/charts/mariadb/README.md b/charts/mariadb/README.md index c0f13e347e704624e84485aebdd23c3338fe8f6a..aa32f6a7a6d8cecaa0da4c7bcfdd2007caf06f3c 100644 --- a/charts/mariadb/README.md +++ b/charts/mariadb/README.md @@ -1,6 +1,6 @@ # MariaDB -   +   ## Changelog @@ -70,7 +70,10 @@ helm uninstall my-release | resources | object | `{}` | Resource limits and requests | | initResources | object | `{}` | Resource limits and requests for the default init container | | nodeSelector | object | `{}` | Deployment node selector | +| customLabels | object | `{}` | Additional labels for Deployment or StatefulSet | +| customAnnotations | object | `{}` | Additional annotations for Deployment or StatefulSet | | podAnnotations | object | `{}` | Additional pod annotations | +| podLabels | object | `{}` | Additional pod labels | | podSecurityContext | object | `see values.yaml` | Pod security context | | securityContext | object | `see values.yaml` | Container security context | | env | list | `[]` | Additional container environmment variables | @@ -79,6 +82,7 @@ helm uninstall my-release | serviceAccount.name | string | `""` | Name of the service account | | affinity | object | `{}` | Affinity for pod assignment | | tolerations | list | `[]` | Tolerations for pod assignment | +| topologySpreadConstraints | object | `{}` | Topology spread constraints for pods | | podManagementPolicy | string | `"OrderedReady"` | Pod management policy | | updateStrategyType | string | `"RollingUpdate"` | Pod update strategy | | revisionHistoryLimit | int | `nil` | Maximum number of revisions maintained in revision history 
@@ -93,6 +97,7 @@ helm uninstall my-release | service.clusterIP | string | `nil` | The cluster ip address (only relevant for type LoadBalancer or NodePort) | | service.loadBalancerIP | string | `nil` | The load balancer ip address (only relevant for type LoadBalancer) | | service.annotations | object | `{}` | Additional service annotations | +| service.labels | object | `{}` | Additional service labels | ## Network policies @@ -114,6 +119,8 @@ The policyTypes will be automatically set | storage.requestedSize | string | `nil` | Size for new PVC, when no existing PVC is used | | storage.className | string | `nil` | Storage class name | | storage.keepPvc | bool | `false` | Keep a created Persistent volume claim when uninstalling the helm chart (only for option `useDeployment: true`) | +| storage.annotations | object | `{}` | Additional storage annotations | +| storage.labels | object | `{}` | Additional storage labels | ## MariaDB parameters diff --git a/charts/mariadb/RELEASENOTES.md b/charts/mariadb/RELEASENOTES.md index 94110b49e0fc1e22473bd39346acf078952f1f1c..08140b2c06272eb7aecba5c36c9b2b35bbe7eb21 100644 --- a/charts/mariadb/RELEASENOTES.md +++ b/charts/mariadb/RELEASENOTES.md @@ -82,4 +82,5 @@ | 2.0.1 | 11.0.4 | Upgraded MariaDB to 11.0.4 | | 2.1.0 | 11.1.2 | Bumped to stable major chart version - Allows usage of existing secret reference and added network policy support | | 2.1.1 | 11.1.3 | Upgraded MariaDB to 11.1.3 | +| 2.1.2 | 11.1.3 | Added support for network policies and additional labels and annotations | | | | | diff --git a/charts/mariadb/templates/pvc.yaml b/charts/mariadb/templates/pvc.yaml index bb2cef8cb42d8938b5404e64042a407e230399c0..240f3a4c93a5b300d38147fce5f3ad48bfcc98d5 100644 --- a/charts/mariadb/templates/pvc.yaml +++ b/charts/mariadb/templates/pvc.yaml 
@@ -6,10 +6,18 @@ metadata: name: {{ include "mariadb.fullname" . }} labels: {{- include "mariadb.labels" . | nindent 4 }} - {{- if .Values.storage.keepPvc }} + {{- with .Values.storage.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- if or .Values.storage.keepPvc .Values.storage.annotations }} annotations: + {{- if .Values.storage.keepPvc }} "helm.sh/resource-policy": keep {{- end }} + {{- with .Values.storage.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- end }} spec: {{- with .Values.storage }} accessModes: diff --git a/charts/mariadb/templates/service.yaml b/charts/mariadb/templates/service.yaml index 42c40cf216934911c80a6b96f70b72741b509303..868bb3fdf9497408f5d1f48e1a5cf560a57926ca 100644 --- a/charts/mariadb/templates/service.yaml +++ b/charts/mariadb/templates/service.yaml @@ -4,6 +4,9 @@ metadata: name: {{ include "mariadb.fullname" . }} labels: {{- include "mariadb.labels" . | nindent 4 }} + {{- with .Values.service.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} {{- with .Values.service.annotations }} annotations: {{- toYaml . | nindent 4 }} diff --git a/charts/mariadb/templates/statefulset.yaml b/charts/mariadb/templates/statefulset.yaml index 5132143177d641e37bd3565607884750cffa505e..c47de06fb1e35eca97886d97b1c2f54098634899 100644 --- a/charts/mariadb/templates/statefulset.yaml +++ b/charts/mariadb/templates/statefulset.yaml @@ -10,6 +10,13 @@ metadata: name: {{ $fullname }} labels: {{- include "mariadb.labels" . | nindent 4 }} + {{- with .Values.customLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.customAnnotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} spec: replicas: 1 {{- if .Values.revisionHistoryLimit }} @@ -39,6 +46,9 @@ spec: {{- end }} labels: {{- include "mariadb.selectorLabels" . | nindent 8 }} + {{- with .Values.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} spec: {{- with .Values.imagePullSecrets }} imagePullSecrets: 
@@ -243,6 +253,10 @@ spec: tolerations: {{- toYaml . | nindent 8 }} {{- end }} + {{- with .Values.topologySpreadConstraints }} + topologySpreadConstraints: + {{- toYaml . | nindent 8 }} + {{- end }} volumes: - name: tmp-volume emptyDir: {} @@ -301,6 +315,14 @@ spec: volumeClaimTemplates: - metadata: name: {{ .volumeName }} + {{- with .labels }} + labels: + {{- toYaml . | nindent 10 }} + {{- end }} + {{- with .annotations }} + annotations: + {{- toYaml . | nindent 10 }} + {{- end }} spec: {{- with .accessModes }} accessModes: diff --git a/charts/mariadb/values.yaml b/charts/mariadb/values.yaml index 575bfe7e00a0b5f04c01562b9e03aa2634a025ad..72aae3dad0777707a55cdf431b69c292902ac4ee 100644 --- a/charts/mariadb/values.yaml +++ b/charts/mariadb/values.yaml @@ -13,6 +13,12 @@ imagePullSecrets: [] nameOverride: "" fullnameOverride: "" +## Additional labels for Deployment or StatefulSet +customLabels: {} + +## Additional annotations for Deployment or StatefulSet +customAnnotations: {} + ## Optional service account serviceAccount: # Specifies whether a service account should be created @@ -23,12 +29,12 @@ serviceAccount: # If not set and create is true, a name is generated using the fullname template name: "" -## Additional node selector -nodeSelector: {} - ## Additional pod annotations podAnnotations: {} +## Additional pod labels +podLabels: {} + ## Pod management policy podManagementPolicy: OrderedReady @@ -63,8 +69,10 @@ service: clusterIP: ## The loadbalancer ip address (only relevant for type LoadBalancer) loadBalancerIP: - # Annotations to add to the service + ## Annotations to add to the service annotations: {} + ## Labels to add to the service + labels: {} # Resource limits and requests resources: {} 
@@ -84,10 +92,18 @@ initResources: {} # cpu: 100m # memory: 128Mi +## Additional node selector +nodeSelector: {} + +## Tolerations for pod assignment tolerations: [] +## Affinity for pod assignment affinity: {} +## Topology spread constraints for pods +topologySpreadConstraints: {} + ## Maximum number of revisions maintained in revision history revisionHistoryLimit: @@ -238,3 +254,9 @@ storage: ## Keep a created Persistent volume claim when uninstalling the helm chart (only for option useDeployment: true) keepPvc: false + + ## Additional storage annotations + annotations: {} + + ## Additional storage labels + labels: {} diff --git a/charts/metrics-server/.helmignore b/charts/metrics-server/.helmignore deleted file mode 100644 index 37ea1d77841641df57cc6e256bcc1a8cd824423c..0000000000000000000000000000000000000000 --- a/charts/metrics-server/.helmignore +++ /dev/null @@ -1,22 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -OWNERS -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj diff --git a/charts/metrics-server/Chart.yaml b/charts/metrics-server/Chart.yaml deleted file mode 100644 index e0537b0214a96f80bfb19b51cec1cf00aa6e7f8a..0000000000000000000000000000000000000000 --- a/charts/metrics-server/Chart.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: v2 -name: metrics-server -description: A Helm chart for Kubernetes metrics-server - -type: application - -maintainers: - - name: groundhog2k - -version: 2.13.2 - -appVersion: "v0.5.1" - -keywords: - - metrics-server diff --git a/charts/metrics-server/README.md b/charts/metrics-server/README.md deleted file mode 100644 index 834d358aeb6590b29be4203f5637e7298c296b52..0000000000000000000000000000000000000000 --- a/charts/metrics-server/README.md +++ /dev/null 
@@ -1,49 +0,0 @@ -# ⚠️ Deprecation and Archive Notice - -This chart version (v2.13.2) is the last update and the chart is deprecated and will no longer be maintained. - -A new chart of the original metrics-server project was release at -[kubernetes-sigs/metrics-server](https://github.com/kubernetes-sigs/metrics-server/tree/master/charts/metrics-server) - -# metrics-server - -   - -[Metrics Server](https://github.com/kubernetes-incubator/metrics-server) is a cluster-wide aggregator of resource usage data. Resource metrics are used by components like `kubectl top` and the [Horizontal Pod Autoscaler](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale) to scale workloads. To autoscale based upon a custom metric, see the [Prometheus Adapter chart](https://github.com/helm/charts/blob/master/stable/prometheus-adapter). - -## Configuration - -Parameter | Description | Default ---- | --- | --- -`rbac.create` | Enable Role-based authentication | `true` -`serviceAccount.create` | If `true`, create a new service account | `true` -`serviceAccount.name` | Service account to be used. If not set and `serviceAccount.create` is `true`, a name is generated using the fullname template | `` -`apiService.create` | Create the v1beta1.metrics.k8s.io API service | `true` -`hostNetwork.enabled` | Enable hostNetwork mode | `false` -`image.repository` | Image repository | `k8s.gcr.io/metrics-server/metrics-server` -`image.tag` | Image tag | `""` -`image.pullPolicy` | Image pull policy | `IfNotPresent` -`imagePullSecrets` | Image pull secrets | `[]` -`args` | Command line arguments | `[]` -`resources` | CPU/Memory resource requests/limits. 
| `{}` -`tolerations` | List of node taints to tolerate (requires Kubernetes >=1.6) | `[]` -`strategy.type` | Pod deployment strategy | `"RollingUpdate"` -`strategy.type.rollingUpdate.maxUnavailable` | Maximum unavailable pods during update | `0` -`nodeSelector` | Node labels for pod assignment | `{}` -`affinity` | Node affinity | `{}` -`replicas` | Number of replicas | `1` -`livenessProbe` | Container liveness probe | See values.yaml -`podLabels` | Labels to be added to pods | `{}` -`podAnnotations` | Annotations to be added to pods | `{}` -`priorityClassName` | Pod priority class | `""` -`readinessProbe` | Container readiness probe | See values.yaml -`service.annotations` | Annotations to add to the service | `{}` -`service.labels` | Labels to be added to the metrics-server service | `{}` -`service.port` | Service port to expose | `443` -`service.type` | Type of service to create | `ClusterIP` -`podDisruptionBudget.enabled` | Create a PodDisruptionBudget | `false` -`podDisruptionBudget.minAvailable` | Minimum available instances; ignored if there is no PodDisruptionBudget | -`podDisruptionBudget.maxUnavailable` | Maximum unavailable instances; ignored if there is no PodDisruptionBudget | -`testImage.repository` | Image repository and name for test pod. See also `imagePullSecrets` | `busybox` -`testImage.tag` | Image tag for test pod | `latest` -`testImage.pullPolicy` | Image pull policy for test pod | `IfNotPresent` diff --git a/charts/metrics-server/templates/NOTES.txt b/charts/metrics-server/templates/NOTES.txt deleted file mode 100644 index 1034c129e98a16643b22ebb6bef8f7a1cbca6ff0..0000000000000000000000000000000000000000 --- a/charts/metrics-server/templates/NOTES.txt +++ /dev/null 
@@ -1,11 +0,0 @@ -The metric server has been deployed. -{{ if .Values.apiService.create }} -In a few minutes you should be able to list metrics using the following -command: - - kubectl get --raw "/apis/metrics.k8s.io/v1beta1/nodes" -{{ else }} -NOTE: You have disabled the API service creation for this release. The metrics -API will not work with this release unless you configure the metrics API -service outside of this Helm chart. -{{- end -}} diff --git a/charts/metrics-server/templates/_helpers.tpl b/charts/metrics-server/templates/_helpers.tpl deleted file mode 100644 index 39105d125fc1b3a985e59ab38d4025caf4868d61..0000000000000000000000000000000000000000 --- a/charts/metrics-server/templates/_helpers.tpl +++ /dev/null 
@@ -1,51 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "metrics-server.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "metrics-server.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "metrics-server.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a service name that defaults to app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -*/}} -{{- define "metrics-server.service.fullname" -}} -{{- .Values.service.nameOverride | default .Chart.Name }} -{{- end -}} - -{{/* -Create the name of the service account to use -*/}} -{{- define "metrics-server.serviceAccountName" -}} -{{- if .Values.serviceAccount.create -}} - {{ default (include "metrics-server.fullname" .) .Values.serviceAccount.name }} -{{- else -}} - {{ default "default" .Values.serviceAccount.name }} -{{- end -}} -{{- end -}} 
diff --git a/charts/metrics-server/templates/aggregated-metrics-reader-cluster-role.yaml b/charts/metrics-server/templates/aggregated-metrics-reader-cluster-role.yaml deleted file mode 100644 index e91a3d8585b9a2d8ea0141d9ba68523515534b8f..0000000000000000000000000000000000000000 --- a/charts/metrics-server/templates/aggregated-metrics-reader-cluster-role.yaml +++ /dev/null @@ -1,18 +0,0 @@ -{{- if .Values.rbac.create -}} -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: system:{{ template "metrics-server.name" . }}-aggregated-reader - labels: - app: {{ template "metrics-server.name" . }} - chart: {{ template "metrics-server.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} - rbac.authorization.k8s.io/aggregate-to-view: "true" - rbac.authorization.k8s.io/aggregate-to-edit: "true" - rbac.authorization.k8s.io/aggregate-to-admin: "true" -rules: - - apiGroups: ["metrics.k8s.io"] - resources: ["pods","nodes"] - verbs: ["get", "list", "watch"] -{{- end -}} diff --git a/charts/metrics-server/templates/auth-delegator-crb.yaml b/charts/metrics-server/templates/auth-delegator-crb.yaml deleted file mode 100644 index e82fca06549d18325a3244ea7c7288951864ac4f..0000000000000000000000000000000000000000 --- a/charts/metrics-server/templates/auth-delegator-crb.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{- if .Values.rbac.create -}} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ template "metrics-server.fullname" . }}:system:auth-delegator - labels: - app: {{ template "metrics-server.name" . }} - chart: {{ template "metrics-server.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: system:auth-delegator -subjects: - - kind: ServiceAccount - name: {{ template "metrics-server.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} -{{- end -}} 
diff --git a/charts/metrics-server/templates/cluster-role.yaml b/charts/metrics-server/templates/cluster-role.yaml deleted file mode 100644 index 17c2bdb00c4bc749468d11d6305f95a19541b7e3..0000000000000000000000000000000000000000 --- a/charts/metrics-server/templates/cluster-role.yaml +++ /dev/null @@ -1,24 +0,0 @@ -{{- if .Values.rbac.create -}} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: system:{{ template "metrics-server.fullname" . }} - labels: - app: {{ template "metrics-server.name" . }} - chart: {{ template "metrics-server.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -rules: - - apiGroups: - - "" - resources: - - pods - - nodes - - nodes/stats - - namespaces - - configmaps - verbs: - - get - - list - - watch -{{- end -}} \ No newline at end of file diff --git a/charts/metrics-server/templates/metric-server-service.yaml b/charts/metrics-server/templates/metric-server-service.yaml deleted file mode 100644 index 0d64cd14011aa4691e9203d9f68dc294be446229..0000000000000000000000000000000000000000 --- a/charts/metrics-server/templates/metric-server-service.yaml +++ /dev/null @@ -1,25 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ template "metrics-server.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "metrics-server.name" . }} - chart: {{ template "metrics-server.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} - {{- with .Values.service.labels -}} - {{ toYaml . | nindent 4 }} - {{- end }} - annotations: - {{- toYaml .Values.service.annotations | trim | nindent 4 }} -spec: - ports: - - port: {{ .Values.service.port }} - protocol: TCP - targetPort: https - selector: - app: {{ template "metrics-server.name" . }} - release: {{ .Release.Name }} - type: {{ .Values.service.type }} - 
diff --git a/charts/metrics-server/templates/metrics-api-service.yaml b/charts/metrics-server/templates/metrics-api-service.yaml deleted file mode 100644 index 0ac04e22f00785be13e10b6d00618d3fe6bd8588..0000000000000000000000000000000000000000 --- a/charts/metrics-server/templates/metrics-api-service.yaml +++ /dev/null @@ -1,20 +0,0 @@ -{{- if .Values.apiService.create -}} -apiVersion: apiregistration.k8s.io/v1 -kind: APIService -metadata: - name: v1beta1.metrics.k8s.io - labels: - app: {{ template "metrics-server.name" . }} - chart: {{ template "metrics-server.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -spec: - service: - name: {{ template "metrics-server.fullname" . }} - namespace: {{ .Release.Namespace }} - group: metrics.k8s.io - version: v1beta1 - insecureSkipTLSVerify: true - groupPriorityMinimum: 100 - versionPriority: 100 -{{- end -}} diff --git a/charts/metrics-server/templates/metrics-server-crb.yaml b/charts/metrics-server/templates/metrics-server-crb.yaml deleted file mode 100644 index eb04c6ffdcd5022cc38d12b1378c4d9d54b929c3..0000000000000000000000000000000000000000 --- a/charts/metrics-server/templates/metrics-server-crb.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{- if .Values.rbac.create -}} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: system:{{ template "metrics-server.fullname" . }} - labels: - app: {{ template "metrics-server.name" . }} - chart: {{ template "metrics-server.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: system:{{ template "metrics-server.fullname" . }} -subjects: - - kind: ServiceAccount - name: {{ template "metrics-server.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} -{{- end -}} 
diff --git a/charts/metrics-server/templates/metrics-server-deployment.yaml b/charts/metrics-server/templates/metrics-server-deployment.yaml deleted file mode 100644 index 7d2852ed2514188db3c099651f1f3cb70b651137..0000000000000000000000000000000000000000 --- a/charts/metrics-server/templates/metrics-server-deployment.yaml +++ /dev/null 
@@ -1,81 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ template "metrics-server.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "metrics-server.name" . }} - chart: {{ template "metrics-server.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -spec: - selector: - matchLabels: - app: {{ template "metrics-server.name" . }} - release: {{ .Release.Name }} - replicas: {{ .Values.replicas }} - {{- with .Values.strategy }} - strategy: - {{- toYaml . | nindent 4 }} - {{- end }} - template: - metadata: - labels: - app: {{ template "metrics-server.name" . }} - release: {{ .Release.Name }} - {{- if .Values.podLabels }} -{{ toYaml .Values.podLabels | indent 8 }} - {{- end }} - {{- with .Values.podAnnotations }} - annotations: - {{- range $key, $value := . }} - {{ $key }}: {{ $value | quote }} - {{- end }} - {{- end }} - spec: - {{- if .Values.priorityClassName }} - priorityClassName: "{{ .Values.priorityClassName }}" - {{- end }} - {{- if .Values.imagePullSecrets }} - imagePullSecrets: - {{- range .Values.imagePullSecrets }} - - name: {{ . }} - {{- end }} - {{- end }} - serviceAccountName: {{ template "metrics-server.serviceAccountName" . }} -{{- if .Values.hostNetwork.enabled }} - hostNetwork: true -{{- end }} - containers: - - name: metrics-server - image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} - args: - - --cert-dir=/tmp - - --secure-port=8443 - {{- range .Values.args }} - - {{ . 
}} - {{- end }} - ports: - - containerPort: 8443 - name: https - livenessProbe: - {{- toYaml .Values.livenessProbe | trim | nindent 12 }} - readinessProbe: - {{- toYaml .Values.readinessProbe | trim | nindent 12 }} - resources: - {{- toYaml .Values.resources | trim | nindent 12 }} - securityContext: - {{- toYaml .Values.securityContext | trim | nindent 12 }} - volumeMounts: - - name: tmp - mountPath: /tmp - nodeSelector: - {{- toYaml .Values.nodeSelector | trim | nindent 8 }} - affinity: - {{- toYaml .Values.affinity | trim | nindent 8 }} - tolerations: - {{- toYaml .Values.tolerations | trim | nindent 8 }} - volumes: - - name: tmp - emptyDir: {} diff --git a/charts/metrics-server/templates/metrics-server-serviceaccount.yaml b/charts/metrics-server/templates/metrics-server-serviceaccount.yaml deleted file mode 100644 index 4d748ed5685ceec65189a2dbe51d16828d85db56..0000000000000000000000000000000000000000 --- a/charts/metrics-server/templates/metrics-server-serviceaccount.yaml +++ /dev/null @@ -1,12 +0,0 @@ -{{- if .Values.serviceAccount.create -}} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ template "metrics-server.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "metrics-server.name" . }} - chart: {{ template "metrics-server.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -{{- end -}} diff --git a/charts/metrics-server/templates/pdb.yaml b/charts/metrics-server/templates/pdb.yaml deleted file mode 100644 index 79c36e93a80f24002a434226cc3edf34e282cdc3..0000000000000000000000000000000000000000 --- a/charts/metrics-server/templates/pdb.yaml +++ /dev/null 
@@ -1,26 +0,0 @@ -{{- if .Values.podDisruptionBudget.enabled }} -{{- if semverCompare ">=1.21" .Capabilities.KubeVersion.Version }} -apiVersion: policy/v1 -{{- else }} -apiVersion: policy/v1beta1 -{{- end }} -kind: PodDisruptionBudget -metadata: - labels: - app: {{ template "metrics-server.name" . }} - chart: {{ template "metrics-server.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} - name: {{ template "metrics-server.fullname" . }} - namespace: {{ .Release.Namespace }} -spec: - {{- if .Values.podDisruptionBudget.minAvailable }} - minAvailable: {{ .Values.podDisruptionBudget.minAvailable }} - {{- end }} - {{- if .Values.podDisruptionBudget.maxUnavailable }} - maxUnavailable: {{ .Values.podDisruptionBudget.maxUnavailable }} - {{- end }} - selector: - matchLabels: - app: {{ template "metrics-server.name" . }} -{{- end }} diff --git a/charts/metrics-server/templates/role-binding.yaml b/charts/metrics-server/templates/role-binding.yaml deleted file mode 100644 index 3169f249103f0ed03ef4d446c0199e01657d5526..0000000000000000000000000000000000000000 --- a/charts/metrics-server/templates/role-binding.yaml +++ /dev/null @@ -1,20 +0,0 @@ -{{- if .Values.rbac.create -}} -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: {{ template "metrics-server.fullname" . }}-auth-reader - namespace: kube-system - labels: - app: {{ template "metrics-server.name" . }} - chart: {{ template "metrics-server.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: extension-apiserver-authentication-reader -subjects: - - kind: ServiceAccount - name: {{ template "metrics-server.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} -{{- end -}} 
diff --git a/charts/metrics-server/templates/tests/test-version.yaml b/charts/metrics-server/templates/tests/test-version.yaml deleted file mode 100644 index ec7f4d6aff98a3462314d4a298de28599b329f27..0000000000000000000000000000000000000000 --- a/charts/metrics-server/templates/tests/test-version.yaml +++ /dev/null @@ -1,27 +0,0 @@ -apiVersion: v1 -kind: Pod -metadata: - name: {{ template "metrics-server.fullname" . }}-test - labels: - app: {{ template "metrics-server.name" . }} - chart: {{ template "metrics-server.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} - annotations: - "helm.sh/hook": test-success -spec: - containers: - - name: wget - image: "{{ .Values.testImage.repository }}:{{ .Values.testImage.tag }}" - imagePullPolicy: {{ .Values.testImage.pullPolicy }} - command: ['/bin/sh'] - args: - - -c - - 'wget -qO- https://{{ include "metrics-server.fullname" . }}:{{ .Values.service.port }}/version | grep -F {{ .Values.image.tag }}' -{{- if .Values.imagePullSecrets }} - imagePullSecrets: - {{- range .Values.imagePullSecrets }} - - name: {{ . }} - {{- end }} -{{- end }} - restartPolicy: Never diff --git a/charts/metrics-server/values.yaml b/charts/metrics-server/values.yaml deleted file mode 100644 index c16bd650ebe9ebe8d1f5da3982c067bb40f067b7..0000000000000000000000000000000000000000 --- a/charts/metrics-server/values.yaml +++ /dev/null 
@@ -1,107 +0,0 @@ -rbac: - # Specifies whether RBAC resources should be created - create: true - -serviceAccount: - # Specifies whether a ServiceAccount should be created - create: true - # The name of the ServiceAccount to use. - # If not set and create is true, a name is generated using the fullname template - name: - -apiService: - # Specifies if the v1beta1.metrics.k8s.io API service should be created. - # - # You typically want this enabled! If you disable API service creation you have to - # manage it outside of this chart for e.g horizontal pod autoscaling to - # work with this release. - create: true - -hostNetwork: - # Specifies if metrics-server should be started in hostNetwork mode. - # - # You would require this enabled if you use alternate overlay networking for pods and - # API server unable to communicate with metrics-server. As an example, this is required - # if you use Weave network on EKS - enabled: false - -image: - repository: k8s.gcr.io/metrics-server/metrics-server - pullPolicy: IfNotPresent - -imagePullSecrets: [] -# - registrySecretName - -args: [] -# - --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname -# - --kubelet-use-node-status-port -# enable this if you have self-signed certificates, see: https://github.com/kubernetes-incubator/metrics-server -# - --kubelet-insecure-tls - -resources: {} - -nodeSelector: {} - -tolerations: [] - -affinity: {} - -## Pod deployment strategy -strategy: - type: RollingUpdate - rollingUpdate: - maxUnavailable: 0 - -replicas: 1 - -extraContainers: [] - -podLabels: {} - -podAnnotations: {} -# The following annotations guarantee scheduling for critical add-on pods. 
-# See more at: https://kubernetes.io/docs/tasks/administer-cluster/guaranteed-scheduling-critical-addon-pods/ -# scheduler.alpha.kubernetes.io/critical-pod: '' - -## Set a pod priorityClassName -# priorityClassName: system-cluster-critical - -livenessProbe: - httpGet: - path: /healthz - port: https - scheme: HTTPS - initialDelaySeconds: 20 - -readinessProbe: - httpGet: - path: /healthz - port: https - scheme: HTTPS - initialDelaySeconds: 20 - -securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsGroup: 10001 - runAsNonRoot: true - runAsUser: 10001 - -service: - annotations: {} - labels: {} - # Add these labels to have metrics-server show up in `kubectl cluster-info` - # kubernetes.io/cluster-service: "true" - # kubernetes.io/name: "Metrics-server" - port: 443 - type: ClusterIP - -podDisruptionBudget: - enabled: false - minAvailable: - maxUnavailable: - -testImage: - repository: busybox - tag: latest - pullPolicy: IfNotPresent diff --git a/charts/mongodb/Chart.yaml b/charts/mongodb/Chart.yaml index 99bec9118b6c93003ae3e31dad9508d1363cf233..ff07ad2f949c46cd4d34cef690b4f8b28364b70f 100644 --- a/charts/mongodb/Chart.yaml +++ b/charts/mongodb/Chart.yaml @@ -7,6 +7,6 @@ type: application maintainers: - name: groundhog2k -version: "0.6.1" +version: "0.6.2" appVersion: "7.0.4" diff --git a/charts/mongodb/README.md b/charts/mongodb/README.md index e220e88ad3b5bfbfb4e235fa2cd48617930df5ee..33cec74821fbdda5a0748d146c3e48daaf33e60a 100644 --- a/charts/mongodb/README.md +++ b/charts/mongodb/README.md @@ -1,6 +1,6 @@ # MongoDB -   +   ## Changelog 
@@ -69,7 +69,10 @@ helm uninstall my-release | customReadinessProbe | object | `{}` | Custom readiness probe (overwrites default readiness probe configuration) | | resources | object | `{}` | Resource limits and requests | | nodeSelector | object | `{}` | Deployment node selector | +| customLabels | object | `{}` | Additional labels for Deployment or StatefulSet | +| customAnnotations | object | `{}` | Additional annotations for Deployment or StatefulSet | | podAnnotations | object | `{}` | Additional pod annotations | +| podLabels | object | `{}` | Additional pod labels | | podSecurityContext | object | `see values.yaml` | Pod security context | | securityContext | object | `see values.yaml` | Container security context | | env | list | `[]` | Additional container environmment variables | @@ -79,6 +82,7 @@ helm uninstall my-release | serviceAccount.name | string | `""` | Name of the service account | | affinity | object | `{}` | Pod affinity | | tolerations | list | `[]` | Pod tolerations | +| topologySpreadConstraints | object | `{}` | Topology spread constraints for pods | | podManagementPolicy | string | `OrderedReady` | Pod management policy | | updateStrategyType | string | `RollingUpdate` | Update strategy | | revisionHistoryLimit | int | `nil` | Maximum number of revisions maintained in revision history 
@@ -93,6 +97,17 @@ helm uninstall my-release | service.clusterIP | string | `nil` | The cluster ip address (only relevant for type LoadBalancer or NodePort) | | service.loadBalancerIP | string | `nil` | The load balancer ip address (only relevant for type LoadBalancer) | | service.annotations | object | `{}` | Additional service annotations | +| service.labels | object | `{}` | Additional service labels | + +## Network policies + +Allows to define optional network policies for [ingress and egress](https://kubernetes.io/docs/concepts/services-networking/network-policies/) +The policyTypes will be automatically set + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| networkPolicy.ingress | object | `{}` | Ingress network policies | +| networkPolicy.egress | object | `{}` | Egress network policies | ## Storage parameters @@ -104,6 +119,8 @@ helm uninstall my-release | storage.requestedSize | string | `nil` | Size for new PVC, when no existing PVC is used | | storage.className | string | `nil` | Storage class name | | storage.keepPvc | bool | `false` | Keep a created Persistent volume claim when uninstalling the helm chart (only for `useDeploymentWhenNonHA`) | +| storage.annotations | object | `{}` | Additional storage annotations | +| storage.labels | object | `{}` | Additional storage labels | ## MongoDB parameters 
@@ -138,6 +155,7 @@ helm uninstall my-release | replicaSet.hiddenSecondaries.headlessServiceSuffix | string | `"hidden"` | Suffix of the headless service name for hidden secondary instances | | replicaSet.hiddenSecondaries.nodeSelector | object | `{}` | Deployment node selector | | replicaSet.hiddenSecondaries.tolerations | list | `[]` | Pod tolerations | +| replicaSet.hiddenSecondaries.topologySpreadConstraints | object | `{}` | Topology spread constraints for pods | | replicaSet.hiddenSecondaries.affinity | object | `{}` | Pod affinity | | replicaSet.hiddenSecondaries.volumeName | string | `"mongodb-hidden-volume"` | Internal volume name and prefix of created PVC | | replicaSet.arbiter.enabled | bool | `false` | Enables arbiter deployment | @@ -145,9 +163,12 @@ helm uninstall my-release | replicaSet.arbiter.resources | object | `{}` | Resource limits and requests for the arbiter | | replicaSet.arbiter.nodeSelector | object | `{}` | Deployment node selector | | replicaSet.arbiter.tolerations | list | `[]` | Pod tolerations | +| replicaSet.arbiter.topologySpreadConstraints | object | `{}` | Topology spread constraints for pods | | replicaSet.arbiter.affinity | object | `{}` | Pod affinity | | replicaSet.arbiter.storage.accessModes[0] | string | `"ReadWriteOnce"` | Storage access mode | | replicaSet.arbiter.storage.persistentVolumeClaimName | string | `nil` | PVC name when existing storage volume should be used | | replicaSet.arbiter.storage.volumeName | string | `"mongodb-arbiter-volume"` | Internal volume name and prefix of a created PVC | | replicaSet.arbiter.storage.requestedSize | string | `nil` | Size for new PVC, when no existing PVC is used | | replicaSet.arbiter.storage.className | string | `nil` | Storage class name | +| replicaSet.arbiter.storage.annotations | object | `{}` | Additional storage annotations | +| replicaSet.arbiter.storage.labels | object | `{}` | Additional storage labels | 
diff --git a/charts/mongodb/RELEASENOTES.md b/charts/mongodb/RELEASENOTES.md index 8f478ad8ffbfc55aae45e3f113349c585dbbf705..8b9e9f58be81276a8b5bf00dffdb5373ff73d647 100644 --- a/charts/mongodb/RELEASENOTES.md +++ b/charts/mongodb/RELEASENOTES.md @@ -84,4 +84,5 @@ | 0.5.20 | 6.0.12 | Upgraded to MongoDB 6.0.12 | | 0.6.0 | 7.0.2 | Upgraded to MongoDB 7.0.2 | | 0.6.1 | 7.0.4 | Upgraded to MongoDB 7.0.4 | +| 0.6.2 | 7.0.4 | Added support for network policies and additional labels and annotations | | | | | diff --git a/charts/mongodb/templates/networkpolicy.yaml b/charts/mongodb/templates/networkpolicy.yaml new file mode 100644 index 0000000000000000000000000000000000000000..b7a5b612d2bfe559d9211ca0546858187c6712a7 --- /dev/null +++ b/charts/mongodb/templates/networkpolicy.yaml @@ -0,0 +1,25 @@ +{{- with .Values.networkPolicy }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ include "mongodb.fullname" $ }} +spec: + podSelector: + matchLabels: + {{- include "mongodb.selectorLabels" $ | nindent 6 }} + policyTypes: + {{- if .ingress }} + - Ingress + {{- end }} + {{- if .egress }} + - Egress + {{- end }} + {{- with .ingress }} + ingress: + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .egress }} + egress: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/charts/mongodb/templates/pvc.yaml b/charts/mongodb/templates/pvc.yaml index 62ecdac08ef4132fc14df9c47d09b0ee0f6a2677..f446e8dee078b68d9c22191e25e0aba4b9403e4c 100644 --- a/charts/mongodb/templates/pvc.yaml +++ b/charts/mongodb/templates/pvc.yaml 
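Review bot: In the new `charts/mongodb/templates/networkpolicy.yaml`, `policyTypes` is filled from `{{- if .ingress }}` / `{{- if .egress }}`, so an empty rule list cannot express default-deny. With `networkPolicy.egress: []` the value is falsy, `Egress` is left out, and the rendered policy puts no restriction on outbound traffic. In that same case `policyTypes:` renders with no entries, and Kubernetes then defaults it to `Ingress`, so the pods selected by `mongodb.selectorLabels` become isolated for inbound traffic instead, which is the opposite of what was asked for. Testing for the key rather than its truthiness, `{{- if hasKey . "egress" }}` (and likewise for `ingress`), and emitting the list even when empty would make both deny-all cases explicit. The README section should also say what an empty list means.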
@@ -7,10 +7,18 @@ metadata: name: {{ include "mongodb.fullname" . }} labels: {{- include "mongodb.labels" . | nindent 4 }} - {{- if .Values.storage.keepPvc }} + {{- with .Values.storage.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- if or .Values.storage.keepPvc .Values.storage.annotations }} annotations: + {{- if .Values.storage.keepPvc }} "helm.sh/resource-policy": keep {{- end }} + {{- with .Values.storage.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- end }} spec: {{- with .Values.storage }} accessModes: diff --git a/charts/mongodb/templates/service.yaml b/charts/mongodb/templates/service.yaml index 2e7554d25ffd7218fcea26d53a4c5f6e47baa13b..02109bd0f1899802a91cc44e78746c4878335bca 100644 --- a/charts/mongodb/templates/service.yaml +++ b/charts/mongodb/templates/service.yaml @@ -5,6 +5,9 @@ metadata: name: {{ include "mongodb.fullname" . }} labels: {{- include "mongodb.labels" . | nindent 4 }} + {{- with .Values.service.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} {{- with .Values.service.annotations }} annotations: {{- toYaml . | nindent 4 }} diff --git a/charts/mongodb/templates/statefulset-arbiter.yaml b/charts/mongodb/templates/statefulset-arbiter.yaml index ce8c91652d7896abf9918a5dee35efcf1111b6db..47a4a7fa0e0e913d03aa9ea8acfb452ae3f8824b 100644 --- a/charts/mongodb/templates/statefulset-arbiter.yaml +++ b/charts/mongodb/templates/statefulset-arbiter.yaml @@ -6,6 +6,13 @@ metadata: labels: {{- include "mongodb.labels" . | nindent 4 }} service-type: arbiter + {{- with .Values.customLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.customAnnotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} spec: selector: matchLabels: @@ -31,6 +38,9 @@ spec: labels: {{- include "mongodb.selectorLabels" . | nindent 8 }} service-type: arbiter + {{- with .Values.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} spec: {{- with .Values.imagePullSecrets }} imagePullSecrets: 
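Review bot: In the `@@ -31,6 +38,9 @@` hunk of `statefulset-arbiter.yaml`, `.Values.podLabels` is appended with `toYaml` directly below the chart's own `mongodb.selectorLabels` and `service-type: arbiter`, so a user key with the same name yields a duplicate mapping key in the rendered manifest. How a duplicate is resolved depends on the YAML parser; if the later key wins, the pod template stops carrying the labels that the StatefulSet selector, and presumably the Service and the new NetworkPolicy `podSelector`, match on. I would state the reserved keys next to the value, e.g. `## Additional pod labels (must not redefine the chart's selector labels or service-type)`. The same append pattern is used for `customLabels`, `service.labels` and `storage.labels` in this commit, and in the hidden-secondary, primary and mysql templates. The pod template begins and ends outside the hunk.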
@@ -206,6 +216,10 @@ spec: tolerations: {{- toYaml . | nindent 8 }} {{- end }} + {{- with .Values.replicaSet.arbiter.topologySpreadConstraints }} + topologySpreadConstraints: + {{- toYaml . | nindent 8 }} + {{- end }} volumes: - name: tmp emptyDir: {} @@ -255,6 +269,14 @@ spec: volumeClaimTemplates: - metadata: name: {{ .volumeName }} + {{- with .labels }} + labels: + {{- toYaml . | nindent 10 }} + {{- end }} + {{- with .annotations }} + annotations: + {{- toYaml . | nindent 10 }} + {{- end }} spec: {{- with .accessModes }} accessModes: diff --git a/charts/mongodb/templates/statefulset-hidden.yaml b/charts/mongodb/templates/statefulset-hidden.yaml index b05acd3da2b81a54943abf7743d974352d097f1d..24f53bc05bf950047ca693481f3ab930b7288682 100644 --- a/charts/mongodb/templates/statefulset-hidden.yaml +++ b/charts/mongodb/templates/statefulset-hidden.yaml @@ -6,6 +6,13 @@ metadata: labels: {{- include "mongodb.labels" . | nindent 4 }} service-type: hidden-secondary + {{- with .Values.customLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.customAnnotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} spec: selector: matchLabels: @@ -34,6 +41,9 @@ spec: labels: {{- include "mongodb.selectorLabels" . | nindent 8 }} service-type: hidden-secondary + {{- with .Values.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} spec: {{- with .Values.imagePullSecrets }} imagePullSecrets: 
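Review bot: The `labels` and `annotations` added under `volumeClaimTemplates` in the `@@ -255,6 +269,14 @@` hunk of `statefulset-arbiter.yaml` sit in a part of the StatefulSet spec that Kubernetes generally refuses to update after creation. Setting these values on an already installed release is therefore likely to make `helm upgrade` fail until the StatefulSet is recreated. That limitation belongs where the values are documented, e.g. `## Additional storage labels (StatefulSet: only applied when the StatefulSet is first created)`. The same applies to the `volumeClaimTemplates` hunks in `statefulset-hidden.yaml`, `statefulset.yaml` and the mysql `statefulset.yaml`. The enclosing `with` block starts outside the hunk, so which values key `.labels` resolves to is inferred from the README rows.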
@@ -213,18 +223,22 @@ spec: {{- with .Values.extraContainers }} {{- toYaml . | nindent 8 }} {{- end }} - {{- with .Values.replicaSet.arbiter.nodeSelector }} + {{- with .Values.replicaSet.hiddenSecondaries.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} {{- end }} - {{- with .Values.replicaSet.arbiter.affinity }} + {{- with .Values.replicaSet.hiddenSecondaries.affinity }} affinity: {{- toYaml . | nindent 8 }} {{- end }} - {{- with .Values.replicaSet.arbiter.tolerations }} + {{- with .Values.replicaSet.hiddenSecondaries.tolerations }} tolerations: {{- toYaml . | nindent 8 }} {{- end }} + {{- with .Values.replicaSet.hiddenSecondaries.topologySpreadConstraints }} + topologySpreadConstraints: + {{- toYaml . | nindent 8 }} + {{- end }} volumes: - name: tmp emptyDir: {} @@ -288,6 +302,14 @@ spec: volumeClaimTemplates: - metadata: name: {{ $.Values.replicaSet.hiddenSecondaries.volumeName }} + {{- with .labels }} + labels: + {{- toYaml . | nindent 10 }} + {{- end }} + {{- with .annotations }} + annotations: + {{- toYaml . | nindent 10 }} + {{- end }} spec: {{- with .accessModes }} accessModes: diff --git a/charts/mongodb/templates/statefulset.yaml b/charts/mongodb/templates/statefulset.yaml index 376438c98b8e46d301bb15271d1fe686e0ac4273..f1122d98b730bb9a7011b3d5d167457565edb4e1 100644 --- a/charts/mongodb/templates/statefulset.yaml +++ b/charts/mongodb/templates/statefulset.yaml @@ -12,6 +12,13 @@ metadata: labels: {{- include "mongodb.labels" . | nindent 4 }} service-type: primary-secondary + {{- with .Values.customLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.customAnnotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} spec: {{- if .Values.replicaSet.enabled }} replicas: {{ add1 .Values.replicaSet.secondaries }} 
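Review bot: The 0.6.2 row in `RELEASENOTES.md` does not mention the behaviour change made in the `@@ -213,18 +223,22 @@` hunk of `statefulset-hidden.yaml`. There, hidden secondaries stop reading `nodeSelector`, `affinity` and `tolerations` from `replicaSet.arbiter.*` and read `replicaSet.hiddenSecondaries.*` instead. An install that had set only the arbiter values and relied on them for the hidden pods will see those pods lose their placement constraints on upgrade. I would extend the row with something like `Fixed hidden secondaries using the arbiter nodeSelector/affinity/tolerations`, so operators know to copy the settings before upgrading.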
@@ -45,6 +52,9 @@ spec: labels: {{- include "mongodb.selectorLabels" . | nindent 8 }} service-type: primary-secondary + {{- with .Values.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} spec: {{- with .Values.imagePullSecrets }} imagePullSecrets: @@ -236,6 +246,10 @@ spec: tolerations: {{- toYaml . | nindent 8 }} {{- end }} + {{- with .Values.topologySpreadConstraints }} + topologySpreadConstraints: + {{- toYaml . | nindent 8 }} + {{- end }} volumes: - name: tmp emptyDir: {} @@ -303,6 +317,14 @@ spec: volumeClaimTemplates: - metadata: name: {{ .volumeName }} + {{- with .labels }} + labels: + {{- toYaml . | nindent 10 }} + {{- end }} + {{- with .annotations }} + annotations: + {{- toYaml . | nindent 10 }} + {{- end }} spec: {{- with .accessModes }} accessModes: @@ -317,4 +339,3 @@ spec: {{- end }} {{- end }} {{- end }} - \ No newline at end of file diff --git a/charts/mongodb/values.yaml b/charts/mongodb/values.yaml index e227de510d5208866418090f5f5cc342736c39a6..7c7c6578d7d1911708249bceccb845e8af7420c7 100644 --- a/charts/mongodb/values.yaml +++ b/charts/mongodb/values.yaml @@ -13,6 +13,12 @@ imagePullSecrets: [] nameOverride: "" fullnameOverride: "" +## Additional labels for Deployment or StatefulSet +customLabels: {} + +## Additional annotations for Deployment or StatefulSet +customAnnotations: {} + ## Optional service account serviceAccount: # Specifies whether a service account should be created @@ -25,6 +31,9 @@ serviceAccount: podAnnotations: {} +## Additional pod labels +podLabels: {} + ## Pod security options podSecurityContext: fsGroup: 999 @@ -60,8 +69,10 @@ service: clusterIP: ## The loadbalancer ip address (only relevant for type LoadBalancer) loadBalancerIP: - # Annotations to add to the service + ## Annotations to add to the service annotations: {} + ## Labels to add to the service + labels: {} ## Resource limits and requests resources: {} 
@@ -111,12 +122,15 @@ readinessProbe: ## Additional node selector nodeSelector: {} -## Pod tolerations +## Tolerations for pod assignment tolerations: [] -## Pod affinity +## Affinity for pod assignment affinity: {} +## Topology spread constraints for pods +topologySpreadConstraints: {} + ## Maximum number of revisions maintained in revision history revisionHistoryLimit: @@ -155,6 +169,8 @@ replicaSet: tolerations: [] ## Pod affinity affinity: {} + ## Topology spread constraints for pods + topologySpreadConstraints: {} # Internal volume name and prefix of created PVC volumeName: "mongodb-hidden-volume" ## Creates an additional arbiter when enabled @@ -177,6 +193,8 @@ replicaSet: tolerations: [] ## Pod affinity affinity: {} + ## Topology spread constraints for pods + topologySpreadConstraints: {} # Storage of the arbiter storage: ## Set persistentVolumenClaimName to reference an existing PVC @@ -190,6 +208,10 @@ replicaSet: ## Default access mode (ReadWriteOnce) accessModes: - ReadWriteOnce + ## Additional storage annotations + annotations: {} + ## Additional storage labels + labels: {} ## Internal configuration for extra initialization phase which is used during replicaset configuration extraInit: @@ -281,3 +303,15 @@ storage: ## Keep a created Persistent volume claim when uninstalling the helm chart (only for non-HA mode with option useDeploymentWhenNonHA: true) keepPvc: false + + ## Additional storage annotations + annotations: {} + + ## Additional storage labels + labels: {} + +## Network policies +networkPolicy: {} + ## Ingress and Egress policies + # ingress: {} + # egress: {} diff --git a/charts/mysql/Chart.yaml b/charts/mysql/Chart.yaml index 6996db6f5603954f66313b5722b59826b19c289d..4d99a4bfbcc87e68af8e6328ec9affa16a889490 100644 --- a/charts/mysql/Chart.yaml +++ b/charts/mysql/Chart.yaml @@ -12,7 +12,7 @@ keywords: - database - mysql -version: "1.1.0" +version: "1.1.1" appVersion: "8.2.0" icon: https://www.mysql.com/common/logos/powered-by-mysql-88x31.png 
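Review bot: `topologySpreadConstraints: {}` in the `@@ -111,12 +122,15 @@` hunk of `charts/mongodb/values.yaml` gives a map default to a field that the pod spec defines as a list, and the templates pass the value through `toYaml` unchanged. A user who supplies the correct list form overrides a table with a non-table, which Helm tends to report as a warning when merging values. A user who follows the documented `object` type gets a manifest the API server rejects. `topologySpreadConstraints: []` would match `tolerations: []` directly above it. The two `replicaSet.*` defaults, the README rows and the mysql `values.yaml` carry the same default.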
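Review bot: The commented example closing the `@@ -281,3 +303,15 @@` hunk of `charts/mongodb/values.yaml` shows `# ingress: {}` and `# egress: {}`, but `networkpolicy.yaml` renders these values with `toYaml` under `spec.ingress` / `spec.egress`, which are lists of rules in the NetworkPolicy API. Uncommented as written, the empty maps are treated as unset by the template, and a map with content would render a policy the API server rejects. I would change the example to `# ingress: []` and `# egress: []` with one sample rule, and correct the `object` type in the README rows for `networkPolicy.ingress` and `networkPolicy.egress`.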
diff --git a/charts/mysql/README.md b/charts/mysql/README.md index 8a6a85880cb3ab91d22257cc79cce841fba6f91b..70221e4b5121397a0911602ca8931b5b3f57e902 100644 --- a/charts/mysql/README.md +++ b/charts/mysql/README.md @@ -1,6 +1,6 @@ # MySQL -   +   ## Changelog @@ -70,7 +70,10 @@ helm uninstall my-release | resources | object | `{}` | Resource limits and requests | | initResources | object | `{}` | Resource limits and requests for the default init container | | nodeSelector | object | `{}` | Deployment node selector | +| customLabels | object | `{}` | Additional labels for Deployment or StatefulSet | +| customAnnotations | object | `{}` | Additional annotations for Deployment or StatefulSet | | podAnnotations | object | `{}` | Additional pod annotations | +| podLabels | object | `{}` | Additional pod labels | | podSecurityContext | object | `see values.yaml` | Pod security context | | securityContext | object | `see values.yaml` | Container security context | | env | list | `[]` | Additional container environmment variables | @@ -79,6 +82,7 @@ helm uninstall my-release | serviceAccount.name | string | `""` | Name of the service account | | affinity | object | `{}` | Affinity for pod assignment | | tolerations | list | `[]` | Tolerations for pod assignment | +| topologySpreadConstraints | object | `{}` | Topology spread constraints for pods | | podManagementPolicy | string | `"OrderedReady"` | Pod management policy | | updateStrategyType | string | `"RollingUpdate"` | Pod update strategy | | revisionHistoryLimit | int | `nil` | Maximum number of revisions maintained in revision history 
@@ -93,6 +97,7 @@ helm uninstall my-release | service.clusterIP | string | `nil` | The cluster ip address (only relevant for type LoadBalancer or NodePort) | | service.loadBalancerIP | string | `nil` | The load balancer ip address (only relevant for type LoadBalancer) | | service.annotations | object | `{}` | Additional service annotations | +| service.labels | object | `{}` | Additional service labels | ## Network policies @@ -114,6 +119,8 @@ The policyTypes will be automatically set | storage.requestedSize | string | `nil` | Size for new PVC, when no existing PVC is used | | storage.className | string | `nil` | Storage class name | | storage.keepPvc | bool | `false` | Keep a created Persistent volume claim when uninstalling the helm chart (only for option `useDeployment: true`) | +| storage.annotations | object | `{}` | Additional storage annotations | +| storage.labels | object | `{}` | Additional storage labels | ## MySQL parameters diff --git a/charts/mysql/RELEASENOTES.md b/charts/mysql/RELEASENOTES.md index 4be1a0a35b2976c7efa1d4260d375f99a9d25d3b..f838336cafba1ee25545437868c764f8e760a8fc 100644 --- a/charts/mysql/RELEASENOTES.md +++ b/charts/mysql/RELEASENOTES.md @@ -18,4 +18,5 @@ | 0.3.0 | 8.2.0 | Upgraded MySQL to 8.2.0 | | 1.0.0 | 8.0.35 | Bumped to stable major chart version - Allows usage of existing secret references and network policies | | 1.1.0 | 8.2.0 | Bumped to stable major chart version - Allows usage of existing secret references and network policies | +| 1.1.1 | 8.2.0 | Added support for network policies and additional labels and annotations | | | | | diff --git a/charts/mysql/templates/pvc.yaml b/charts/mysql/templates/pvc.yaml index 426e73379d90583872ef7d85b2263a7c4f18f795..067be6cacf2002c7f9d83e6a371c233a3c7c3541 100644 --- a/charts/mysql/templates/pvc.yaml +++ b/charts/mysql/templates/pvc.yaml 
@@ -6,10 +6,18 @@ metadata: name: {{ include "mysql.fullname" . }} labels: {{- include "mysql.labels" . | nindent 4 }} - {{- if .Values.storage.keepPvc }} + {{- with .Values.storage.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- if or .Values.storage.keepPvc .Values.storage.annotations }} annotations: + {{- if .Values.storage.keepPvc }} "helm.sh/resource-policy": keep {{- end }} + {{- with .Values.storage.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- end }} spec: {{- with .Values.storage }} accessModes: diff --git a/charts/mysql/templates/service.yaml b/charts/mysql/templates/service.yaml index 779655c648ad5e0267987a859c22b650b35aa495..e309f31b5932651b5cddc0541ee0147e528af74f 100644 --- a/charts/mysql/templates/service.yaml +++ b/charts/mysql/templates/service.yaml @@ -4,6 +4,9 @@ metadata: name: {{ include "mysql.fullname" . }} labels: {{- include "mysql.labels" . | nindent 4 }} + {{- with .Values.service.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} {{- with .Values.service.annotations }} annotations: {{- toYaml . | nindent 4 }} diff --git a/charts/mysql/templates/statefulset.yaml b/charts/mysql/templates/statefulset.yaml index 539f282d86ade629e75860dbc54d11c6a4356d92..d5bad76e5f689eb8d41b664b45ad2e707ed380c0 100644 --- a/charts/mysql/templates/statefulset.yaml +++ b/charts/mysql/templates/statefulset.yaml @@ -10,6 +10,13 @@ metadata: name: {{ $fullname }} labels: {{- include "mysql.labels" . | nindent 4 }} + {{- with .Values.customLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.customAnnotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} spec: replicas: 1 {{- if .Values.revisionHistoryLimit }} @@ -39,6 +46,9 @@ spec: {{- end }} labels: {{- include "mysql.selectorLabels" . | nindent 8 }} + {{- with .Values.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} spec: {{- with .Values.imagePullSecrets }} imagePullSecrets: 
@@ -243,6 +253,10 @@ spec: tolerations: {{- toYaml . | nindent 8 }} {{- end }} + {{- with .Values.topologySpreadConstraints }} + topologySpreadConstraints: + {{- toYaml . | nindent 8 }} + {{- end }} volumes: - name: tmp-volume emptyDir: {} @@ -301,6 +315,14 @@ spec: volumeClaimTemplates: - metadata: name: {{ .volumeName }} + {{- with .labels }} + labels: + {{- toYaml . | nindent 10 }} + {{- end }} + {{- with .annotations }} + annotations: + {{- toYaml . | nindent 10 }} + {{- end }} spec: {{- with .accessModes }} accessModes: diff --git a/charts/mysql/values.yaml b/charts/mysql/values.yaml index 049c061d3132593d62eaf091d926c99c6f1a05ac..42ebfe1836e9f7a2100b9f0385a4160c14b0ad56 100644 --- a/charts/mysql/values.yaml +++ b/charts/mysql/values.yaml @@ -13,6 +13,12 @@ imagePullSecrets: [] nameOverride: "" fullnameOverride: "" +## Additional labels for Deployment or StatefulSet +customLabels: {} + +## Additional annotations for Deployment or StatefulSet +customAnnotations: {} + ## Optional service account serviceAccount: # Specifies whether a service account should be created @@ -23,12 +29,12 @@ serviceAccount: # If not set and create is true, a name is generated using the fullname template name: "" -## Additional node selector -nodeSelector: {} - ## Additional pod annotations podAnnotations: {} +## Additional pod labels +podLabels: {} + ## Pod management policy podManagementPolicy: OrderedReady @@ -63,8 +69,11 @@ service: clusterIP: ## The loadbalancer ip address (only relevant for type LoadBalancer) loadBalancerIP: - # Annotations to add to the service + ## Annotations to add to the service annotations: {} + ## Labels to add to the service + labels: {} + # Resource limits and requests resources: {} 
@@ -84,10 +93,18 @@ initResources: {} # cpu: 100m # memory: 128Mi +## Additional node selector +nodeSelector: {} + +## Tolerations for pod assignment tolerations: [] +## Affinity for pod assignment affinity: {} +## Topology spread constraints for pods +topologySpreadConstraints: {} + ## Maximum number of revisions maintained in revision history revisionHistoryLimit: @@ -237,3 +254,9 @@ storage: ## Keep a created Persistent volume claim when uninstalling the helm chart (only for option useDeployment: true) keepPvc: false + + ## Additional storage annotations + annotations: {} + + ## Additional storage labels + labels: {} diff --git a/charts/nextcloud/Chart.yaml b/charts/nextcloud/Chart.yaml index c19d12f09129ba0309f70d5d772f55ad72804c18..340d484624aab5cce30a2f79476c86a2f11bcc91 100644 --- a/charts/nextcloud/Chart.yaml +++ b/charts/nextcloud/Chart.yaml @@ -8,7 +8,7 @@ maintainers: - name: groundhog2k # This is the chart version. -version: "0.16.3" +version: "0.16.4" # This is the version number of the application being deployed. appVersion: "28.0.1-apache" diff --git a/charts/nextcloud/README.md b/charts/nextcloud/README.md index 3a26984ea122ee98b69930b0791122a4d00526aa..2379f401252202e8c28656594e178903deedbcb8 100644 --- a/charts/nextcloud/README.md +++ b/charts/nextcloud/README.md @@ -1,6 +1,6 @@ # Nextcloud -   +   ## Changelog 
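Review bot: `topologySpreadConstraints: {}` in the `@@ -84,10 +93,18 @@` hunk declares a map, but the pod-spec field it is rendered into is a list of constraints, so the default and the README type (`object`) point users at the wrong shape. The empty map is harmless because the template's `with` skips it, but a user who follows the default and supplies a map will get a manifest the API server rejects. I would write `topologySpreadConstraints: []`, matching `tolerations: []` a few lines above; the nextcloud and postgres values.yaml hunks have the same default.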
@@ -111,7 +111,10 @@ helm uninstall my-release | customReadinessProbe | object | `{}` | Custom readiness probe (overwrites default readiness probe configuration) | | resources | object | `{}` | Resource limits and requests | | nodeSelector | object | `{}` | Deployment node selector | +| customLabels | object | `{}` | Additional labels for Deployment or StatefulSet | +| customAnnotations | object | `{}` | Additional annotations for Deployment or StatefulSet | | podAnnotations | object | `{}` | Additional pod annotations | +| podLabels | object | `{}` | Additional pod labels | | podSecurityContext | object | `see values.yaml` | Pod security context | | securityContext | object | `see values.yaml` | Container security context | | env | list | `[]` | Additional container environmment variables | @@ -121,6 +124,7 @@ helm uninstall my-release | serviceAccount.annotations | object | `{}` | Additional service account annotations | | affinity | object | `{}` | Affinity for pod assignment | | tolerations | list | `[]` | Tolerations for pod assignment | +| topologySpreadConstraints | object | `{}` | Topology spread constraints for pods | | containerPort | int | `8000` | Internal http container port | | replicaCount | int | `1` | Number of replicas | | initImage.pullPolicy | string | `"IfNotPresent"` | Init container image pull policy | @@ -165,6 +169,7 @@ helm uninstall my-release | service.clusterIP | string | `nil` | The cluster ip address (only relevant for type LoadBalancer or NodePort) | | service.loadBalancerIP | string | `nil` | The load balancer ip address (only relevant for type LoadBalancer) | | service.annotations | object | `{}` | Additional service annotations | +| service.labels | object | `{}` | Additional service labels | ## Ingress parameters 
@@ -172,11 +177,21 @@ helm uninstall my-release |-----|------|---------|-------------| | ingress.enabled | bool | `false` | Enable ingress for Nextcloud service | | ingress.className | string | `nil` | Optional ingress class name | -| ingress.annotations | string | `nil` | Additional annotations for ingress | +| ingress.annotations | object | `{}` | Additional annotations for ingress | | ingress.hosts[0].host | string | `""` | Hostname for the ingress endpoint | -| ingress.labels | string | `nil` | Additional ingress lables | +| ingress.labels | object | `{}` | Additional ingress lables | | ingress.maxBodySize | string | `"512m"` | Maximum body size for post requests | +## Network policies + +Allows to define optional network policies for [ingress and egress](https://kubernetes.io/docs/concepts/services-networking/network-policies/) +The policyTypes will be automatically set + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| networkPolicy.ingress | object | `{}` | Ingress network policies | +| networkPolicy.egress | object | `{}` | Egress network policies | + ## Redis session cache | Key | Type | Default | Description | 
@@ -248,9 +263,13 @@ helm uninstall my-release | storage.nextcloud.requestedSize | string | `nil` | Size for new PVC, when no existing PVC is used | | storage.nextcloud.className | string | `nil` | Storage class name | | storage.nextcloud.keepPvc | bool | `false` | Keep a created Persistent volume claim when uninstalling the helm chart | -| storage.nextcloudData | object | `{}` | Nextcloud user data storage | +| storage.nextcloud.annotations | object | `{}` | Additional storage annotations | +| storage.nextcloudData.labels | object | `{}` | Additional storage labels | +| storage.nextcloud | object | `{}` | Nextcloud user data storage | | storage.nextcloudData.accessModes[0] | string | `"ReadWriteOnce"` | Storage access mode | | storage.nextcloudData.persistentVolumeClaimName | string | `nil` | PVC name when existing storage volume should be used | | storage.nextcloudData.requestedSize | string | `nil` | Size for new PVC, when no existing PVC is used | | storage.nextcloudData.className | string | `nil` | Storage class name | | storage.nextcloudData.keepPvc | bool | `false` | Keep a created Persistent volume claim when uninstalling the helm chart | +| storage.nextcloudData.annotations | object | `{}` | Additional storage annotations | +| storage.nextcloudData.labels | object | `{}` | Additional storage labels | diff --git a/charts/nextcloud/RELEASENOTES.md b/charts/nextcloud/RELEASENOTES.md index 2105a6d3ae8ca00a0eb492a82b0fed31d66cbd0c..73294f1d9f7ce1e7eaf47d321b1d2ea40e112b86 100644 --- a/charts/nextcloud/RELEASENOTES.md +++ b/charts/nextcloud/RELEASENOTES.md @@ -58,4 +58,5 @@ | 0.16.1 | 28.0.1-apache | Upgraded to Nextcloud 28.0.1 | | 0.16.2 | 28.0.1-apache | Added optional ingressClassName and removed deprecated api support | | 0.16.3 | 28.0.1-apache | Refactored ingress configuration and added optional labels and pathType | +| 0.16.4 | 28.0.1-apache | Added support for network policies and additional labels and annotations | | | | | 
diff --git a/charts/nextcloud/templates/deployment.yaml b/charts/nextcloud/templates/deployment.yaml index 8926e3b07b1175eb5b834ba01ff43dd3e622c96a..f54dab7b54e55a7a0a05329e932307dfec00ab24 100644 --- a/charts/nextcloud/templates/deployment.yaml +++ b/charts/nextcloud/templates/deployment.yaml @@ -4,6 +4,13 @@ metadata: name: {{ include "nextcloud.fullname" . }} labels: {{- include "nextcloud.labels" . | nindent 4 }} + {{- with .Values.customLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.customAnnotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} spec: replicas: {{ .Values.replicas }} {{- if .Values.revisionHistoryLimit }} @@ -22,11 +29,14 @@ spec: checksum/secureconfig: {{ include (print $.Template.BasePath "/secureconfig.yaml") . | sha256sum }} checksum/extendedconfigs: {{ include (print $.Template.BasePath "/extendedconfigs.yaml") . | sha256sum }} checksum/customconfigs: {{ include (print $.Template.BasePath "/customconfigs.yaml") . | sha256sum }} - {{- with .Values.podAnnotations }} + {{- with .Values.podAnnotations }} {{- toYaml . | nindent 8 }} - {{- end }} + {{- end }} labels: {{- include "nextcloud.selectorLabels" . | nindent 8 }} + {{- with .Values.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} spec: {{- with .Values.imagePullSecrets }} imagePullSecrets: @@ -205,6 +215,10 @@ spec: tolerations: {{- toYaml . | nindent 8 }} {{- end }} + {{- with .Values.topologySpreadConstraints }} + topologySpreadConstraints: + {{- toYaml . | nindent 8 }} + {{- end }} volumes: - name: tmp emptyDir: {} diff --git a/charts/nextcloud/templates/networkpolicy.yaml b/charts/nextcloud/templates/networkpolicy.yaml new file mode 100644 index 0000000000000000000000000000000000000000..9864520f7a86724f55fe3d058c36fd52762333f1 --- /dev/null +++ b/charts/nextcloud/templates/networkpolicy.yaml 
@@ -0,0 +1,25 @@ +{{- with .Values.networkPolicy }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ include "nextcloud.fullname" $ }} +spec: + podSelector: + matchLabels: + {{- include "nextcloud.selectorLabels" $ | nindent 6 }} + policyTypes: + {{- if .ingress }} + - Ingress + {{- end }} + {{- if .egress }} + - Egress + {{- end }} + {{- with .ingress }} + ingress: + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .egress }} + egress: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/charts/nextcloud/templates/pvcs.yaml b/charts/nextcloud/templates/pvcs.yaml index c2c77f6e82d656d8c47da0de08521bf0483eccd2..0e6e15282c7edb63a21d5a53ded1b3349f1c23f0 100644 --- a/charts/nextcloud/templates/pvcs.yaml +++ b/charts/nextcloud/templates/pvcs.yaml @@ -6,10 +6,18 @@ metadata: name: {{ include "nextcloud.fullname" . }} labels: {{- include "nextcloud.labels" . | nindent 4 }} - {{- if .Values.storage.nextcloud.keepPvc }} + {{- with .Values.storage.nextcloud.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- if or .Values.storage.nextcloud.keepPvc .Values.storage.nextcloud.annotations }} annotations: + {{- if .Values.storage.nextcloud.keepPvc }} "helm.sh/resource-policy": keep {{- end }} + {{- with .Values.storage.nextcloud.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- end }} spec: {{- with .Values.storage.nextcloud }} accessModes: 
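Review bot: An empty rule list is treated as absent by the `{{- if .egress }}` / `{{- if .ingress }}` tests in the new networkpolicy.yaml, so the usual deny-all form (`egress: []`) never yields `- Egress`. When it is the only key, `policyTypes:` renders with no entries, which Kubernetes defaults to `Ingress`, so the pods are isolated for ingress rather than egress. Testing for the key, `{{- if hasKey . "ingress" }}` and `{{- if hasKey . "egress" }}`, keeps the declared intent. values.yaml and the README also document both keys as `{}` although they are lists of rules, and the policy's `metadata` has no chart labels unlike the other templates. charts/postgres/templates/networkpolicy.yaml repeats this template.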
@@ -32,10 +40,18 @@ metadata: name: {{ include "nextcloud.fullname" . }}-data labels: {{- include "nextcloud.labels" . | nindent 4 }} - {{- if .Values.storage.nextcloudData.keepPvc }} + {{- with .Values.storage.nextcloudData.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- if or .Values.storage.nextcloudData.keepPvc .Values.storage.nextcloudData.annotations }} annotations: + {{- if .Values.storage.nextcloudData.keepPvc }} "helm.sh/resource-policy": keep {{- end }} + {{- with .Values.storage.nextcloudData.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- end }} spec: {{- with .Values.storage.nextcloudData }} accessModes: diff --git a/charts/nextcloud/templates/service.yaml b/charts/nextcloud/templates/service.yaml index 0e68389bb756d1f3d4ff8a3c393c530ae6c3d726..6fa866b00e285590f22a46abe4c405d27d1331a7 100644 --- a/charts/nextcloud/templates/service.yaml +++ b/charts/nextcloud/templates/service.yaml @@ -4,6 +4,9 @@ metadata: name: {{ include "nextcloud.fullname" . }} labels: {{- include "nextcloud.labels" . | nindent 4 }} + {{- with .Values.service.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} {{- with .Values.service.annotations }} annotations: {{- toYaml . | nindent 4 }} diff --git a/charts/nextcloud/values.yaml b/charts/nextcloud/values.yaml index 0799924a750267791c01ada7ef6fc30980fb4849..3d9c9ff2ca4681dd8e892228f58ce383ca5e03e5 100644 --- a/charts/nextcloud/values.yaml +++ b/charts/nextcloud/values.yaml @@ -20,6 +20,12 @@ imagePullSecrets: [] nameOverride: "" fullnameOverride: "" +## Additional labels for Deployment or StatefulSet +customLabels: {} + +## Additional annotations for Deployment or StatefulSet +customAnnotations: {} + ## Pod deployment strategy strategy: type: RollingUpdate 
@@ -57,12 +63,12 @@ serviceAccount: # If not set and create is true, a name is generated using the fullname template name: "" -## Additional node selector -nodeSelector: {} - ## Additional pod annotations podAnnotations: {} +## Additional pod labels +podLabels: {} + ## Pod security options (default: www-data as fsGroup and user running as non-root) podSecurityContext: fsGroup: 33 @@ -85,8 +91,10 @@ service: clusterIP: ## The loadbalancer ip address (only relevant for type LoadBalancer) loadBalancerIP: - # Annotations to add to the service + ## Annotations to add to the service annotations: {} + ## Labels to add to the service + labels: {} ## Ingress configuration ingress: @@ -162,10 +170,18 @@ readinessProbe: successThreshold: 1 periodSeconds: 10 +## Additional node selector +nodeSelector: {} + +## Tolerations for pod assignment tolerations: [] +## Affinity for pod assignment affinity: {} +## Topology spread constraints for pods +topologySpreadConstraints: {} + ## Maximum number of revisions maintained in revision history revisionHistoryLimit: @@ -341,6 +357,12 @@ storage: ## Keep a created Persistent volume claim when uninstalling the helm chart keepPvc: false + ## Additional storage annotations + annotations: {} + + ## Additional storage labels + labels: {} + ## Nextcloud user data storage nextcloudData: ## Set persistentVolumenClaimName to reference an existing PVC @@ -359,6 +381,12 @@ storage: ## Keep a created Persistent volume claim when uninstalling the helm chart keepPvc: false + ## Additional storage annotations + annotations: {} + + ## Additional storage labels + labels: {} + ## MariaDB configuration mariadb: ## Enable MariaDB helm chart for deployment (default: false) @@ -394,6 +422,12 @@ mariadb: ## the storage class name className: + ## Additional storage annotations + annotations: {} + + ## Additional storage labels + labels: {} + ## PostgreSQL configuration postgres: ## Enable PostgreSQL helm chart for deployment (default: false) 
@@ -425,6 +459,12 @@ postgres: ## the storage class name className: + ## Additional storage annotations + annotations: {} + + ## Additional storage labels + labels: {} + ## Redis configuration redis: ## Enable Redis helm chart for deployment (default: false) @@ -440,3 +480,15 @@ redis: ## the storage class name className: + + ## Additional storage annotations + annotations: {} + + ## Additional storage labels + labels: {} + +## Network policies +networkPolicy: {} + ## Ingress and Egress policies + # ingress: {} + # egress: {} diff --git a/charts/postgres/Chart.yaml b/charts/postgres/Chart.yaml index 5abacad4f4b032c8a88de00470bb5fea15be850e..bc4d7518e1e81e51739abc6670de4d36730c52a9 100644 --- a/charts/postgres/Chart.yaml +++ b/charts/postgres/Chart.yaml @@ -7,6 +7,6 @@ type: application maintainers: - name: groundhog2k -version: "0.5.1" +version: "0.5.2" appVersion: "16.1" diff --git a/charts/postgres/README.md b/charts/postgres/README.md index 8a66457bd13181af29368b9556ae8b9f7af6c2a4..232069ac7720cc0aa19c3b0ae6c02e8e13953ec4 100644 --- a/charts/postgres/README.md +++ b/charts/postgres/README.md @@ -1,6 +1,6 @@ # PostgreSQL -   +   ## Changelog @@ -73,7 +73,10 @@ helm uninstall my-release | customReadinessProbe | object | `{}` | Custom readiness probe (overwrites default readiness probe configuration) | | resources | object | `{}` | Resource limits and requests | | nodeSelector | object | `{}` | Deployment node selector | +| customLabels | object | `{}` | Additional labels for Deployment or StatefulSet | +| customAnnotations | object | `{}` | Additional annotations for Deployment or StatefulSet | | podAnnotations | object | `{}` | Additional pod annotations | +| podLabels | object | `{}` | Additional pod labels | | podSecurityContext | object | `see values.yaml` | Pod security context | | securityContext | object | `see values.yaml` | Container security context | | env | list | `[]` | Additional container environmment variables | 
@@ -81,8 +84,9 @@ helm uninstall my-release | serviceAccount.annotations | object | `{}` | Additional service account annotations | | serviceAccount.create | bool | `false` | Enable service account creation | | serviceAccount.name | string | `""` | Name of the service account | -| affinity | object | `{}` | | -| tolerations | list | `[]` | | +| affinity | object | `{}` | Affinity for pod assignment | +| tolerations | list | `[]` | Tolerations for pod assignment | +| topologySpreadConstraints | object | `{}` | Topology spread constraints for pods | | podManagementPolicy | string | `"OrderedReady"` | Pod management policy | | updateStrategyType | string | `"RollingUpdate"` | Pod update strategy | | revisionHistoryLimit | int | `nil` | Maximum number of revisions maintained in revision history @@ -97,6 +101,17 @@ helm uninstall my-release | service.clusterIP | string | `nil` | The cluster ip address (only relevant for type LoadBalancer or NodePort) | | service.loadBalancerIP | string | `nil` | The load balancer ip address (only relevant for type LoadBalancer) | | service.annotations | object | `{}` | Additional service annotations | +| service.labels | object | `{}` | Additional service labels | + +## Network policies + +Allows to define optional network policies for [ingress and egress](https://kubernetes.io/docs/concepts/services-networking/network-policies/) +The policyTypes will be automatically set + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| networkPolicy.ingress | object | `{}` | Ingress network policies | +| networkPolicy.egress | object | `{}` | Egress network policies | ## Storage parameters 
@@ -108,6 +123,8 @@ helm uninstall my-release | storage.requestedSize | string | `nil` | Size for new PVC, when no existing PVC is used | | storage.className | string | `nil` | Storage class name | | storage.keepPvc | bool | `false` | Keep a created Persistent volume claim when uninstalling the helm chart (only for option `useDeployment: true`) | +| storage.annotations | object | `{}` | Additional storage annotations | +| storage.labels | object | `{}` | Additional storage labels | ## PostgreSQL parameters diff --git a/charts/postgres/RELEASENOTES.md b/charts/postgres/RELEASENOTES.md index 57825b67085f258e0726e46c234a3c089d3c098f..0105079795eab2307450dfa69499b0f0dc7f7e56 100644 --- a/charts/postgres/RELEASENOTES.md +++ b/charts/postgres/RELEASENOTES.md @@ -39,4 +39,5 @@ | 0.4.7 | 15.5 | Upgraded to Postgres 15.5 | | 0.5.0 | 16.0 | Upgraded to Postgres 16.0 | | 0.5.1 | 16.1 | Upgraded to Postgres 16.1 | +| 0.5.2 | 16.1 | Added support for network policies and additional labels and annotations | | | | | diff --git a/charts/postgres/templates/networkpolicy.yaml b/charts/postgres/templates/networkpolicy.yaml new file mode 100644 index 0000000000000000000000000000000000000000..7f66954989ca90ecb4250acde03b1bb412ccfb5a --- /dev/null +++ b/charts/postgres/templates/networkpolicy.yaml @@ -0,0 +1,25 @@ +{{- with .Values.networkPolicy }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ include "postgres.fullname" $ }} +spec: + podSelector: + matchLabels: + {{- include "postgres.selectorLabels" $ | nindent 6 }} + policyTypes: + {{- if .ingress }} + - Ingress + {{- end }} + {{- if .egress }} + - Egress + {{- end }} + {{- with .ingress }} + ingress: + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .egress }} + egress: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} 
diff --git a/charts/postgres/templates/pvc.yaml b/charts/postgres/templates/pvc.yaml index 50c49d2dcaac1c178fd29a1065bcd4a85e0f8081..54178b169c6a7e2d8b0c9f176ab364a58320dba4 100644 --- a/charts/postgres/templates/pvc.yaml +++ b/charts/postgres/templates/pvc.yaml @@ -7,10 +7,18 @@ metadata: name: {{ include "postgres.fullname" . }} labels: {{- include "postgres.labels" . | nindent 4 }} - {{- if .Values.storage.keepPvc }} + {{- with .Values.storage.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- if or .Values.storage.keepPvc .Values.storage.annotations }} annotations: + {{- if .Values.storage.keepPvc }} "helm.sh/resource-policy": keep {{- end }} + {{- with .Values.storage.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- end }} spec: {{- with .Values.storage }} accessModes: diff --git a/charts/postgres/templates/service.yaml b/charts/postgres/templates/service.yaml index 40ac0468070bbfb311c9ed7833e9901fb4ab0cc8..a1fcdf7b9e89e018ae2bb533a4470e12d4c43e01 100644 --- a/charts/postgres/templates/service.yaml +++ b/charts/postgres/templates/service.yaml @@ -4,6 +4,9 @@ metadata: name: {{ include "postgres.fullname" . }} labels: {{- include "postgres.labels" . | nindent 4 }} + {{- with .Values.service.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} {{- with .Values.service.annotations }} annotations: {{- toYaml . | nindent 4 }} diff --git a/charts/postgres/templates/statefulset.yaml b/charts/postgres/templates/statefulset.yaml index 2b98effa5a54b89227d136a10f0a728112af51b2..89bb6469d9096104793be0ebb4c4039b19190a30 100644 --- a/charts/postgres/templates/statefulset.yaml +++ b/charts/postgres/templates/statefulset.yaml 
@@ -10,6 +10,13 @@ metadata: name: {{ $fullname }} labels: {{- include "postgres.labels" . | nindent 4 }} + {{- with .Values.customLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.customAnnotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} spec: replicas: 1 {{- if .Values.revisionHistoryLimit }} @@ -39,6 +46,9 @@ spec: {{- end }} labels: {{- include "postgres.selectorLabels" . | nindent 8 }} + {{- with .Values.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} spec: {{- with .Values.imagePullSecrets }} imagePullSecrets: @@ -219,6 +229,10 @@ spec: tolerations: {{- toYaml . | nindent 8 }} {{- end }} + {{- with .Values.topologySpreadConstraints }} + topologySpreadConstraints: + {{- toYaml . | nindent 8 }} + {{- end }} volumes: - name: run emptyDir: {} @@ -279,6 +293,14 @@ spec: volumeClaimTemplates: - metadata: name: {{ .volumeName }} + {{- with .labels }} + labels: + {{- toYaml . | nindent 10 }} + {{- end }} + {{- with .annotations }} + annotations: + {{- toYaml . | nindent 10 }} + {{- end }} spec: {{- with .accessModes }} accessModes: diff --git a/charts/postgres/values.yaml b/charts/postgres/values.yaml index 3dcc0167310bf40c29066ff057cd3f441687b691..68052c1072556fbf60d22744952d7336f37f2f08 100644 --- a/charts/postgres/values.yaml +++ b/charts/postgres/values.yaml @@ -13,6 +13,12 @@ imagePullSecrets: [] nameOverride: "" fullnameOverride: "" +## Additional labels for Deployment or StatefulSet +customLabels: {} + +## Additional annotations for Deployment or StatefulSet +customAnnotations: {} + ## Optional service account serviceAccount: # Specifies whether a service account should be created @@ -26,6 +32,9 @@ serviceAccount: ## Additional pod annotations podAnnotations: {} +## Additional pod labels +podLabels: {} + ## Pod management policy podManagementPolicy: OrderedReady 
@@ -60,8 +69,11 @@ service: clusterIP: ## The loadbalancer ip address (only relevant for type LoadBalancer) loadBalancerIP: - # Annotations to add to the service + ## Annotations to add to the service annotations: {} + ## Labels to add to the service + labels: {} + resources: {} # limits: @@ -74,10 +86,15 @@ resources: {} ## Additional node selector nodeSelector: {} +## Tolerations for pod assignment tolerations: [] +## Affinity for pod assignment affinity: {} +## Topology spread constraints for pods +topologySpreadConstraints: {} + ## Maximum number of revisions maintained in revision history revisionHistoryLimit: @@ -210,3 +227,15 @@ storage: ## Keep a created Persistent volume claim when uninstalling the helm chart (only for option useDeployment: true) keepPvc: false + + ## Additional storage annotations + annotations: {} + + ## Additional storage labels + labels: {} + +## Network policies +networkPolicy: {} + ## Ingress and Egress policies + # ingress: {} + # egress: {} diff --git a/charts/rabbitmq/Chart.yaml b/charts/rabbitmq/Chart.yaml index 18980e42d15de4f4f412068d3ee8325381ba1881..876683ab6e28d83c27d12b5439f1cf4a3a6d4d0f 100644 --- a/charts/rabbitmq/Chart.yaml +++ b/charts/rabbitmq/Chart.yaml @@ -7,6 +7,6 @@ type: application maintainers: - name: groundhog2k -version: "0.7.16" +version: "0.7.17" appVersion: "3.12.11" diff --git a/charts/rabbitmq/README.md b/charts/rabbitmq/README.md index 73fed050830253d93394203d4f049cd223024ad1..620d4d77cc24b31defdfaf8856ac1c30c967276c 100644 --- a/charts/rabbitmq/README.md +++ b/charts/rabbitmq/README.md @@ -1,6 +1,6 @@ # RabbitMQ -   +   A Helm chart for a RabbitMQ HA-cluster on Kubernetes 
@@ -76,9 +76,10 @@ helm uninstall my-release | initResources | object | `{}` | Resource limits and requests for the default init container | | resources | object | `{}` | Resource limits and requests | | nodeSelector | object | `{}` | Deployment node selector | -| statefulsetLabels | object | `{}` | Additional StatefulSet labels | -| statefulsetAnnotations | object | `{}` | Additional StatefulSet annotations | +| customLabels | object | `{}` | Additional labels for Deployment or StatefulSet | +| customAnnotations | object | `{}` | Additional annotations for Deployment or StatefulSet | | podAnnotations | object | `{}` | Additional pod annotations | +| podLabels | object | `{}` | Additional pod labels | | podSecurityContext | object | `see values.yaml` | Pod security context | | securityContext | object | `see values.yaml` | Container security context | | env | list | `[]` | Additional container environmment variables | @@ -152,8 +153,11 @@ Section to define custom services |-----|------|---------|-------------| | storage.accessModes[0] | string | `"ReadWriteOnce"` | Storage access mode | | storage.persistentVolumeClaimName | string | `nil` | PVC name when existing storage volume should be used | +| storage.volumeName | string | `"rabbitmq-volume"` | Internal volume name | | storage.requestedSize | string | `nil` | Size for new PVC, when no existing PVC is used | | storage.className | string | `nil` | Storage class name | +| storage.annotations | object | `{}` | Additional storage annotations | +| storage.labels | object | `{}` | Additional storage labels | ## Ingress parameters 
@@ -161,8 +165,8 @@ Section to define custom services |-----|------|---------|-------------| | ingress.enabled | bool | `false` | Enable ingress for the Management UI service | | ingress.className | string | `nil` | Optional ingress class name | -| ingress.annotations | string | `nil` | Additional annotations for ingress | -| ingress.labels | string | `nil` | Additional ingress lables | +| ingress.annotations | object | `{}` | Additional annotations for ingress | +| ingress.labels | object | `{}` | Additional ingress lables | | ingress.hosts[0].host | string | `""` | Hostname for the ingress endpoint | | ingress.hosts[0].host.paths[0].path | string | `"/"` | Path for the RabbitMQ Management UI | | ingress.hosts[0].host.paths[0].pathType | string | `"ImplementationSpecific"` | Ingress path type (ImplementationSpecific, Prefix, Exact) | diff --git a/charts/rabbitmq/RELEASENOTES.md b/charts/rabbitmq/RELEASENOTES.md index a68c6f7d79274f0395d1ca7ca8617cc616bcc4fc..6978fc118b9098117a6f277ff50cb1fb673ddc07 100644 --- a/charts/rabbitmq/RELEASENOTES.md +++ b/charts/rabbitmq/RELEASENOTES.md @@ -112,4 +112,5 @@ | 0.7.14 | 3.12.11 | Renamed property for topology spread constraints | | 0.7.15 | 3.12.11 | Added optional ingressClassName and removed deprecated api support | | 0.7.16 | 3.12.11 | Refactored ingress configuration and added optional labels and pathType | +| 0.7.17 | 3.12.11 | Added support for network policies and additional labels and annotations | | | | | diff --git a/charts/rabbitmq/templates/statefulset.yaml b/charts/rabbitmq/templates/statefulset.yaml index b2a23e981bf6a09ee28bb39cb98050fb88cb3bbf..e8c58de0c8940b819cc8dc74f2e26ef70fa6fcc4 100644 --- a/charts/rabbitmq/templates/statefulset.yaml +++ b/charts/rabbitmq/templates/statefulset.yaml 
@@ -4,10 +4,10 @@ metadata: name: {{ include "rabbitmq.fullname" . }} labels: {{- include "rabbitmq.labels" . | nindent 4 }} - {{- with .Values.statefulsetLabels }} + {{- with .Values.customLabels }} {{- toYaml . | nindent 4 }} {{- end }} - {{- with .Values.statefulsetAnnotations }} + {{- with .Values.customAnnotations }} annotations: {{- toYaml . | nindent 4 }} {{- end }} @@ -29,11 +29,14 @@ spec: checksum/rabbit-config: {{ include (print $.Template.BasePath "/rabbit-config.yaml") . | sha256sum }} checksum/plugins-config: {{ include (print $.Template.BasePath "/plugins-config.yaml") . | sha256sum }} checksum/scripts: {{ include (print $.Template.BasePath "/scripts.yaml") . | sha256sum }} - {{- with .Values.podAnnotations }} + {{- with .Values.podAnnotations }} {{- toYaml . | nindent 8 }} - {{- end }} + {{- end }} labels: {{- include "rabbitmq.selectorLabels" . | nindent 8 }} + {{- with .Values.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} spec: serviceAccountName: {{ include "rabbitmq.serviceAccountName" . }} {{- with .Values.imagePullSecrets }} 
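Review bot: Renaming `.Values.statefulsetLabels` / `.Values.statefulsetAnnotations` to `customLabels` / `customAnnotations` in the `@@ -4,10 +4,10 @@` hunk silently drops the labels and annotations of every release that still sets the old keys, and the chart version only moves from 0.7.16 to 0.7.17. Helm does not warn about unknown values, so anything keyed on those labels or annotations outside the chart (policy selectors, monitoring, admission rules) would stop matching after the upgrade without an error. A fallback keeps old values working: `{{- with (.Values.customLabels | default .Values.statefulsetLabels) }}` and the same for annotations; the release note for 0.7.17 should also mention the rename.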
@@ -301,28 +304,38 @@ spec: secretName: {{ $secret.name }} defaultMode: 0440 {{- end }} - {{- if .Values.storage.persistentVolumeClaimName }} - - name: rabbitmq-volume +{{- with .Values.storage }} + {{- $createPvc := and (empty .persistentVolumeClaimName) .requestedSize }} + {{- if not $createPvc }} + - name: {{ .volumeName }} + {{- if .persistentVolumeClaimName }} persistentVolumeClaim: - claimName: {{ .Values.storage.persistentVolumeClaimName }} - {{- else }} - {{- if not .Values.storage.requestedSize }} - - name: rabbitmq-volume + claimName: {{ .persistentVolumeClaimName }} + {{- else }} emptyDir: {} + {{- end }} {{- else }} volumeClaimTemplates: - metadata: - name: rabbitmq-volume + name: {{ .volumeName }} + {{- with .labels }} + labels: + {{- toYaml . | nindent 10 }} + {{- end }} + {{- with .annotations }} + annotations: + {{- toYaml . | nindent 10 }} + {{- end }} spec: - {{- with .Values.storage.accessModes }} + {{- with .accessModes }} accessModes: {{- toYaml . | nindent 10 }} {{- end }} - {{- if .Values.storage.className }} - storageClassName: {{ .Values.storage.className }} + {{- if .className }} + storageClassName: {{ .className }} {{- end }} resources: requests: - storage: {{ .Values.storage.requestedSize }} - {{- end }} + storage: {{ .requestedSize }} {{- end }} +{{- end }} diff --git a/charts/rabbitmq/values.yaml b/charts/rabbitmq/values.yaml index 2bb070f2ff1ed94111456d2b927d851ea446960a..fad38c34e89de69aae2d84ce1fb68857c616ccf9 100644 --- a/charts/rabbitmq/values.yaml +++ b/charts/rabbitmq/values.yaml 
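Review bot: `name: {{ .volumeName }}` in the `@@ -301,28 +304,38 @@` hunk makes the volume name configurable, but no hunk in this file touches the container `volumeMounts`, so they presumably still reference the literal `rabbitmq-volume`; any other `storage.volumeName` would then produce a pod spec that names a volume which does not exist. The value is also emitted unquoted and unchecked, so an empty or invalid name only fails at the API server. Either template the mounts with the same value or guard it, e.g. `- name: {{ required "storage.volumeName must be set" .volumeName | quote }}`. When neither a claim name nor `requestedSize` is set the data still lands in `emptyDir: {}`, which deserves a comment in values.yaml since broker state is then lost with the pod.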
@@ -23,15 +23,18 @@ fullnameOverride: "" ## Number of replicas replicaCount: 1 -## Additional statefulset labels -statefulsetLabels: {} +## Additional labels for Deployment or StatefulSet +customLabels: {} -## Additional statefulset annotations -statefulsetAnnotations: {} +## Additional annotations for Deployment or StatefulSet +customAnnotations: {} ## Additional pod annotations podAnnotations: {} +## Additional pod labels +podLabels: {} + ## Pod security options podSecurityContext: fsGroup: 999 @@ -385,6 +388,9 @@ storage: ## Set persistentVolumenClaimName to reference an existing PVC persistentVolumeClaimName: + ## Internal volume name + volumeName: "rabbitmq-volume" + ## Alternative set requestedSize to define a size for a dynamically created PVC requestedSize: @@ -394,3 +400,15 @@ storage: ## Default access mode (ReadWriteOnce) accessModes: - ReadWriteOnce + + ## Additional storage annotations + annotations: {} + + ## Additional storage labels + labels: {} + +## Network policies +networkPolicy: {} + ## Ingress and Egress policies + # ingress: {} + # egress: {} diff --git a/charts/redis/Chart.yaml b/charts/redis/Chart.yaml index 29e7dcb6c5301edb136ecb7eb3324670f74205a4..4969f4d67f96a5e72be97bd473a301dde365ccac 100644 --- a/charts/redis/Chart.yaml +++ b/charts/redis/Chart.yaml @@ -8,7 +8,7 @@ maintainers: - name: groundhog2k # This is the chart version -version: "0.7.8" +version: "0.7.9" # This is the version number of the application being deployed. appVersion: "7.2.3" diff --git a/charts/redis/README.md b/charts/redis/README.md index 46dce41b6b223001460a0e3677531aabcab052aa..b330fa445506486227d4268b2d8452ac6c3eac5a 100644 --- a/charts/redis/README.md +++ b/charts/redis/README.md @@ -1,6 +1,6 @@ # Redis -   +   ## Changelog 
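Review bot: The `networkPolicy: {}` value added in the last rabbitmq values.yaml hunk has no consumer in the visible diff: the rabbitmq template changes shown are limited to statefulset.yaml, and no `templates/networkpolicy.yaml` is added for this chart as it is for nextcloud and postgres. If the template is indeed missing, a user who sets `networkPolicy.ingress` gets a successful install and no policy, while RELEASENOTES.md announces network policy support for 0.7.17. Either add the template in this commit or drop the value and the release-note wording until it exists.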
@@ -104,7 +104,10 @@ helm uninstall my-release | resources | object | `{}` | Resource limits and requests | | sentinelResources | object | `{}` | Resource limits and requests (for Redis Sentinel - only when haMode is enabled) | | nodeSelector | object | `{}` | Deployment node selector | +| customLabels | object | `{}` | Additional labels for Deployment or StatefulSet | +| customAnnotations | object | `{}` | Additional annotations for Deployment or StatefulSet | | podAnnotations | object | `{}` | Additional pod annotations | +| podLabels | object | `{}` | Additional pod labels | | podSecurityContext | object | `see values.yaml` | Pod security context | | securityContext | object | `see values.yaml` | Container security context | | env | list | `[]` | Additional container environmment variables (Redis server and Sentinel) | @@ -183,6 +186,8 @@ helm uninstall my-release | storage.requestedSize | string | `nil` | Size for new PVC, when no existing PVC is used | | storage.className | string | `nil` | Storage class name | | storage.keepPvc | bool | `false` | Keep a created Persistent volume claim when uninstalling the helm chart (only for `useDeploymentWhenNonHA`) | +| storage.annotations | object | `{}` | Additional storage annotations | +| storage.labels | object | `{}` | Additional storage labels | ## Network policies diff --git a/charts/redis/RELEASENOTES.md b/charts/redis/RELEASENOTES.md index 8421c3841c95ceea91637061ea23f01f4b39d04b..f60ab38e63a551079d09d0ee7e704b1b874cc7ae 100644 --- a/charts/redis/RELEASENOTES.md +++ b/charts/redis/RELEASENOTES.md @@ -48,4 +48,5 @@ | 0.7.6 | 7.2.3 | Added additional service labels - thx @m4r1u2 | | 0.7.7 | 7.2.3 | Added pod topology spread constraints - thx @tim-hanssen | | 0.7.8 | 7.2.3 | Renamed property for topology spread constraints | +| 0.7.9 | 7.2.3 | Added support for network policies and additional labels and annotations | | | | | 
diff --git a/charts/redis/templates/pvc.yaml b/charts/redis/templates/pvc.yaml index c35a0d96c5b75b10a6ecdd7316d3f7b2f4a0de8a..07d0d2e322f4d4ad833f5a96e98a51777c145a16 100644 --- a/charts/redis/templates/pvc.yaml +++ b/charts/redis/templates/pvc.yaml @@ -7,10 +7,18 @@ metadata: name: {{ include "redis.fullname" . }} labels: {{- include "redis.labels" . | nindent 4 }} - {{- if .Values.storage.keepPvc }} + {{- with .Values.storage.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- if or .Values.storage.keepPvc .Values.storage.annotations }} annotations: + {{- if .Values.storage.keepPvc }} "helm.sh/resource-policy": keep {{- end }} + {{- with .Values.storage.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- end }} spec: {{- with .Values.storage }} accessModes: diff --git a/charts/redis/templates/statefulset.yaml b/charts/redis/templates/statefulset.yaml index 4290aace3cb67c4bfc1e49b45df57300f0677ad1..03109ad5624a0e5e0973cc384c6321ab7fa7289c 100644 --- a/charts/redis/templates/statefulset.yaml +++ b/charts/redis/templates/statefulset.yaml @@ -11,6 +11,13 @@ metadata: name: {{ $fullname }} labels: {{- include "redis.labels" . | nindent 4 }} + {{- with .Values.customLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.customAnnotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} spec: {{- if .Values.haMode.enabled }} replicas: {{ .Values.haMode.replicas }} @@ -37,11 +44,14 @@ spec: annotations: checksum/customconfig: {{ include (print $.Template.BasePath "/customconfig.yaml") . | sha256sum }} checksum/scripts: {{ include (print $.Template.BasePath "/scripts.yaml") . | sha256sum }} - {{- with .Values.podAnnotations }} + {{- with .Values.podAnnotations }} {{- toYaml . | nindent 8 }} - {{- end }} + {{- end }} labels: {{- include "redis.selectorLabels" . | nindent 8 }} + {{- with .Values.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} spec: {{- with .Values.imagePullSecrets }} imagePullSecrets: 
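Review bot: In statefulset.yaml, `customLabels` and `podLabels` are appended with `toYaml` directly after the output of `redis.labels` and `redis.selectorLabels`, so a user key that matches a chart label renders a duplicate mapping key. How that resolves depends on the YAML parser (often the later value wins), which for the pod template would let values override a label that selectors depend on. The networkpolicy.yaml templates this commit adds for remark42 and wordpress select pods through the same selectorLabels helpers. Merging the maps with the chart's labels taking precedence, or failing the render on a collision, would make the outcome explicit. At minimum the values.yaml comments could state `## Must not reuse label keys the chart sets itself (selector labels)`. The same append pattern appears in the pvc.yaml hunk above and in the remark42 and wordpress deployment.yaml, service.yaml and pvc.yaml hunks.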
@@ -441,6 +451,14 @@ spec: volumeClaimTemplates: - metadata: name: {{ .volumeName }} + {{- with .labels }} + labels: + {{- toYaml . | nindent 10 }} + {{- end }} + {{- with .annotations }} + annotations: + {{- toYaml . | nindent 10 }} + {{- end }} spec: {{- with .accessModes }} accessModes: diff --git a/charts/redis/values.yaml b/charts/redis/values.yaml index 6d1189e4f1907eda6fd01e96f944e33cc5f5b332..8ce9be964334dcaebc4d5349be8b9cbee95123da 100644 --- a/charts/redis/values.yaml +++ b/charts/redis/values.yaml @@ -13,6 +13,12 @@ imagePullSecrets: [] nameOverride: "" fullnameOverride: "" +## Additional labels for Deployment or StatefulSet +customLabels: {} + +## Additional annotations for Deployment or StatefulSet +customAnnotations: {} + ## Optional service account serviceAccount: # Specifies whether a service account should be created @@ -26,6 +32,9 @@ serviceAccount: ## Additional pod annotations podAnnotations: {} +## Additional pod labels +podLabels: {} + ## Pod management policy podManagementPolicy: OrderedReady @@ -379,3 +388,15 @@ storage: ## Keep a created Persistent volume claim when uninstalling the helm chart (only for non-HA mode with option useDeploymentWhenNonHA: true) keepPvc: false + + ## Additional storage annotations + annotations: {} + + ## Additional storage labels + labels: {} + +## Network policies +networkPolicy: {} + ## Ingress and Egress policies + # ingress: {} + # egress: {} diff --git a/charts/remark42/Chart.yaml b/charts/remark42/Chart.yaml index e502cbaf2e20bfe2abf2ac642a9afa4b65e1afa5..d571f6a5336a114ebf19c8a36879e55592619bcb 100644 --- a/charts/remark42/Chart.yaml +++ b/charts/remark42/Chart.yaml @@ -7,7 +7,7 @@ type: application maintainers: - name: groundhog2k -version: "0.6.3" +version: "0.6.4" appVersion: "v1.12.1" diff --git a/charts/remark42/README.md b/charts/remark42/README.md index 1de8676d490987f602cdf46401ad3a94d9b4449d..30a4142b85dfbf5c0fc614ab37d760bbc9cddac8 100644 --- a/charts/remark42/README.md 
+++ b/charts/remark42/README.md @@ -1,6 +1,6 @@ # Remark42 -   +   A Helm chart for Remark42 on Kubernetes @@ -74,7 +74,10 @@ helm uninstall my-release | customReadinessProbe | object | `{}` | Custom readiness probe (overwrites default readiness probe configuration) | | resources | object | `{}` | Resource limits and requests | | nodeSelector."kubernetes.io/arch" | string | `"amd64"` | Deployment node selector | +| customLabels | object | `{}` | Additional labels for Deployment or StatefulSet | +| customAnnotations | object | `{}` | Additional annotations for Deployment or StatefulSet | | podAnnotations | object | `{}` | Additional pod annotations | +| podLabels | object | `{}` | Additional pod labels | | podSecurityContext | object | `see values.yaml` | Pod security context | | securityContext | object | `see values.yaml` | Container security context | | env | list | `[]` | Additional container environmment variables | @@ -83,6 +86,7 @@ helm uninstall my-release | serviceAccount.annotations | object | `{}` | Additional service account annotations | | affinity | object | `{}` | Affinity for pod assignment | | tolerations | list | `[]` | Tolerations for pod assignment | +| topologySpreadConstraints | object | `{}` | Topology spread constraints for pods | | containerPort | int | `8080` | Internal http container port | | revisionHistoryLimit | int | `nil` | Maximum number of revisions maintained in revision history @@ -96,6 +100,7 @@ helm uninstall my-release | service.clusterIP | string | `nil` | The cluster ip address (only relevant for type LoadBalancer or NodePort) | | service.loadBalancerIP | string | `nil` | The load balancer ip address (only relevant for type LoadBalancer) | | service.annotations | object | `{}` | Additional service annotations | +| service.labels | object | `{}` | Additional service labels | ## Ingress parameters 
@@ -103,8 +108,8 @@ helm uninstall my-release |-----|------|---------|-------------| | ingress.enabled | bool | `false` | Enable ingress for Remark42 service | | ingress.className | string | `nil` | Optional ingress class name | -| ingress.annotations | string | `nil` | Additional annotations for ingress | -| ingress.labels | string | `nil` | Additional ingress lables | +| ingress.annotations | object | `{}` | Additional annotations for ingress | +| ingress.labels | object | `{}` | Additional ingress lables | | ingress.hosts[0].host | string | `""` | Hostname for the ingress endpoint | | ingress.hosts[0].host.paths[0].path | string | `"/"` | Path of the Ghost UI | | ingress.hosts[0].host.paths[0].pathType | string | `"ImplementationSpecific"` | Ingress path type (ImplementationSpecific, Prefix, Exact) | @@ -115,6 +120,16 @@ helm uninstall my-release | ingress.tls | object | `{}` | Ingress TLS parameters | | ingress.tls.secretName | string | `nil` | Ingress TLS secret name | +## Network policies + +Allows to define optional network policies for [ingress and egress](https://kubernetes.io/docs/concepts/services-networking/network-policies/) +The policyTypes will be automatically set + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| networkPolicy.ingress | object | `{}` | Ingress network policies | +| networkPolicy.egress | object | `{}` | Egress network policies | + ## Redis cache | Key | Type | Default | Description | @@ -252,6 +267,8 @@ helm uninstall my-release | storage.requestedSize | string | `nil` | Size for new PVC, when no existing PVC is used | | storage.className | string | `nil` | Storage class name | | storage.keepPvc | bool | `false` | Keep a created Persistent volume claim when uninstalling the helm chart | +| storage.annotations | object | `{}` | Additional storage annotations | +| storage.labels | object | `{}` | Additional storage labels | ## Extra resources 
diff --git a/charts/remark42/RELEASENOTES.md b/charts/remark42/RELEASENOTES.md index 7bfd69f6389b82fce8104457b01c2f170d69964a..5c2ec4327a768a6610fcd0988d3edb6bc971b665 100644 --- a/charts/remark42/RELEASENOTES.md +++ b/charts/remark42/RELEASENOTES.md @@ -30,4 +30,5 @@ | 0.6.1 | v1.12.1 | Upgraded to Remark42 v1.12.1 | | 0.6.2 | v1.12.1 | Added optional ingressClassName and removed deprecated api support | | 0.6.3 | v1.12.1 | Refactored ingress configuration and added optional labels and pathType | +| 0.6.4 | v1.12.1 | Added support for network policies and additional labels and annotations | | | | | diff --git a/charts/remark42/templates/deployment.yaml b/charts/remark42/templates/deployment.yaml index bf1fcb96af4508a562bb9163048e7f422a223cc3..138bf2af2737dca53b7de5964f233d96c914c557 100644 --- a/charts/remark42/templates/deployment.yaml +++ b/charts/remark42/templates/deployment.yaml @@ -4,6 +4,13 @@ metadata: name: {{ include "remark42.fullname" . }} labels: {{- include "remark42.labels" . | nindent 4 }} + {{- with .Values.customLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.customAnnotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} spec: replicas: 1 {{- if .Values.revisionHistoryLimit }} @@ -20,11 +27,14 @@ spec: metadata: annotations: checksum/secureconfig: {{ include (print $.Template.BasePath "/secureconfig.yaml") . | sha256sum }} - {{- with .Values.podAnnotations }} + {{- with .Values.podAnnotations }} {{- toYaml . | nindent 8 }} - {{- end }} + {{- end }} labels: {{- include "remark42.selectorLabels" . | nindent 8 }} + {{- with .Values.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} spec: {{- with .Values.imagePullSecrets }} imagePullSecrets: @@ -151,6 +161,10 @@ spec: tolerations: {{- toYaml . | nindent 8 }} {{- end }} + {{- with .Values.topologySpreadConstraints }} + topologySpreadConstraints: + {{- toYaml . | nindent 8 }} + {{- end }} volumes: - name: tmp emptyDir: {} 
diff --git a/charts/remark42/templates/networkpolicy.yaml b/charts/remark42/templates/networkpolicy.yaml new file mode 100644 index 0000000000000000000000000000000000000000..4b9afe303f75ef7c0791e1a3a76d888910da0149 --- /dev/null +++ b/charts/remark42/templates/networkpolicy.yaml @@ -0,0 +1,25 @@ +{{- with .Values.networkPolicy }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ include "remark42.fullname" $ }} +spec: + podSelector: + matchLabels: + {{- include "remark42.selectorLabels" $ | nindent 6 }} + policyTypes: + {{- if .ingress }} + - Ingress + {{- end }} + {{- if .egress }} + - Egress + {{- end }} + {{- with .ingress }} + ingress: + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .egress }} + egress: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/charts/remark42/templates/pvc.yaml b/charts/remark42/templates/pvc.yaml index c4c3df2d93532f754376fcb0ef5ff2ace773394d..ce040f95485e0651fccddf1197a30b695c537fb9 100644 --- a/charts/remark42/templates/pvc.yaml +++ b/charts/remark42/templates/pvc.yaml @@ -6,10 +6,18 @@ metadata: name: {{ include "remark42.fullname" . }} labels: {{- include "remark42.labels" . | nindent 4 }} - {{- if .Values.storage.keepPvc }} + {{- with .Values.storage.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- if or .Values.storage.keepPvc .Values.storage.annotations }} annotations: + {{- if .Values.storage.keepPvc }} "helm.sh/resource-policy": keep {{- end }} + {{- with .Values.storage.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- end }} spec: {{- with .Values.storage }} accessModes: diff --git a/charts/remark42/templates/service.yaml b/charts/remark42/templates/service.yaml index 227048ea9c92234b08d2f8f95f84472226d31d82..ae3e33ceb9bbe4fbd06252c6fc7a9915b0c94bda 100644 --- a/charts/remark42/templates/service.yaml +++ b/charts/remark42/templates/service.yaml 
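Review bot: `policyTypes` in the new networkpolicy.yaml is built from the truthiness of `.ingress` and `.egress`, so a key that is present but empty contributes no entry. With `networkPolicy: {egress: []}` the outer `with` still passes because the map is non-empty, and `policyTypes:` renders with no items. Kubernetes then defaults it to Ingress only, so the selected pods lose all ingress while egress stays open, the opposite of a deny-all-egress intent. Testing for the key instead, `{{- if hasKey . "ingress" }}` and `{{- if hasKey . "egress" }}` around the two `policyTypes` entries, lets an empty list mean deny-all for that direction. The wordpress chart gets an identical template (charts/wordpress/templates/networkpolicy.yaml), and the values.yaml comments and README tables show `{}` for both keys although the NetworkPolicy spec expects lists of rules there.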
@@ -4,6 +4,9 @@ metadata: name: {{ include "remark42.fullname" . }} labels: {{- include "remark42.labels" . | nindent 4 }} + {{- with .Values.service.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} {{- with .Values.service.annotations }} annotations: {{- toYaml . | nindent 4 }} diff --git a/charts/remark42/values.yaml b/charts/remark42/values.yaml index 47a7f4807965e9b6a1ff6dd4844ce58b539de23b..c38e05f0fce7cd6c4c0a39063bd9ca6f1d13923f 100644 --- a/charts/remark42/values.yaml +++ b/charts/remark42/values.yaml @@ -22,6 +22,12 @@ imagePullSecrets: [] nameOverride: "" fullnameOverride: "" +## Additional labels for Deployment or StatefulSet +customLabels: {} + +## Additional annotations for Deployment or StatefulSet +customAnnotations: {} + ## Pod deployment strategy strategy: type: Recreate @@ -39,6 +45,9 @@ serviceAccount: ## Additional pod annotations podAnnotations: {} +## Additional pod labels +podLabels: {} + ## Pod security options (Run as app) podSecurityContext: fsGroup: 1001 @@ -61,8 +70,10 @@ service: clusterIP: ## The loadbalancer ip address (only relevant for type LoadBalancer) loadBalancerIP: - # Annotations to add to the service + ## Annotations to add to the service annotations: {} + ## Labels to add to the service + labels: {} ingress: enabled: false @@ -100,10 +111,15 @@ resources: {} nodeSelector: kubernetes.io/arch: amd64 +## Tolerations for pod assignment tolerations: [] +## Affinity for pod assignment affinity: {} +## Topology spread constraints for pods +topologySpreadConstraints: {} + ## Maximum number of revisions maintained in revision history revisionHistoryLimit: @@ -403,6 +419,12 @@ storage: ## Keep a created Persistent volume claim when uninstalling the helm chart keepPvc: false + ## Additional storage annotations + annotations: {} + + ## Additional storage labels + labels: {} + ## Redis configuration redis: ## Enable Redis helm chart for deployment (default: false) 
@@ -419,6 +441,12 @@ redis: ## the storage class name className: + ## Additional storage annotations + annotations: {} + + ## Additional storage labels + labels: {} + extraResources: [] # - | # apiVersion: projectcontour.io/v1 @@ -436,3 +464,9 @@ extraResources: [] # - services: # - name: {{ include "remark42.fullname" . }} # port: {{ .Values.service.port }} + +## Network policies +networkPolicy: {} + ## Ingress and Egress policies + # ingress: {} + # egress: {} diff --git a/charts/wordpress/Chart.yaml b/charts/wordpress/Chart.yaml index f675d0b40600a9975ebbd5c14551b81dcea9c0e2..f467023e9c9aa114e250d6affd82fe0561f05fb3 100644 --- a/charts/wordpress/Chart.yaml +++ b/charts/wordpress/Chart.yaml @@ -8,7 +8,7 @@ maintainers: type: application # This is the chart version. -version: "0.10.4" +version: "0.10.5" # This is the version number of the application being deployed. appVersion: "6.4.2-apache" diff --git a/charts/wordpress/README.md b/charts/wordpress/README.md index dfe8b7a7d486e9cdc3a73d3c5f7181d7140c469b..65ed38a0c5afccb84c732adef26bbc8ffab11c28 100644 --- a/charts/wordpress/README.md +++ b/charts/wordpress/README.md @@ -1,6 +1,6 @@ # Wordpress -   +   ## Changelog @@ -76,7 +76,10 @@ helm uninstall my-release | customReadinessProbe | object | `{}` | Custom readiness probe (overwrites default readiness probe configuration) | | resources | object | `{}` | Resource limits and requests | | nodeSelector | object | `{}` | Deployment node selector | +| customLabels | object | `{}` | Additional labels for Deployment or StatefulSet | +| customAnnotations | object | `{}` | Additional annotations for Deployment or StatefulSet | | podAnnotations | object | `{}` | Additional pod annotations | +| podLabels | object | `{}` | Additional pod labels | | podSecurityContext | object | `see values.yaml` | Pod security context | | securityContext | object | `see values.yaml` | Container security context | | env | list | `[]` | Additional container environmment variables | 
@@ -86,6 +89,7 @@ helm uninstall my-release | serviceAccount.annotations | object | `{}` | Additional service account annotations | | affinity | object | `{}` | Affinity for pod assignment | | tolerations | list | `[]` | Tolerations for pod assignment | +| topologySpreadConstraints | object | `{}` | Topology spread constraints for pods | | containerPort | int | `8000` | Internal http container port | | replicaCount | int | `1` | Number of replicas | | revisionHistoryLimit | int | `nil` | Maximum number of revisions maintained in revision history @@ -103,6 +107,7 @@ helm uninstall my-release | service.clusterIP | string | `nil` | The cluster ip address (only relevant for type LoadBalancer or NodePort) | | service.loadBalancerIP | string | `nil` | The load balancer ip address (only relevant for type LoadBalancer) | | service.annotations | object | `{}` | Additional service annotations | +| service.labels | object | `{}` | Additional service labels | ## Ingress parameters 
@@ -110,14 +115,24 @@ helm uninstall my-release |-----|------|---------|-------------| | ingress.enabled | bool | `false` | Enable ingress for Wordpress service | | ingress.className | string | `nil` | Optional ingress class name | -| ingress.annotations | string | `nil` | Additional annotations for ingress | -| ingress.labels | string | `nil` | Additional ingress lables | +| ingress.annotations | object | `{}` | Additional annotations for ingress | +| ingress.labels | object | `{}` | Additional ingress lables | | ingress.hosts[0].host | string | `""` | Hostname for the ingress endpoint | | ingress.hosts[0].host.paths[0].path | string | `"/"` | Default root path | | ingress.hosts[0].host.paths[0].pathType | string | `ImplementationSpecific` | Ingress path type (ImplementationSpecific, Prefix, Exact) | | ingress.tls | list | `[]` | Ingress TLS parameters | | ingress.maxBodySize | string | `"64m"` | Maximum body size for post requests | +## Network policies + +Allows to define optional network policies for [ingress and egress](https://kubernetes.io/docs/concepts/services-networking/network-policies/) +The policyTypes will be automatically set + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| networkPolicy.ingress | object | `{}` | Ingress network policies | +| networkPolicy.egress | object | `{}` | Egress network policies | + ## Database settings | Key | Type | Default | Description | @@ -157,3 +172,5 @@ helm uninstall my-release | storage.requestedSize | string | `nil` | Size for new PVC, when no existing PVC is used | | storage.className | string | `nil` | Storage class name | | storage.keepPvc | bool | `false` | Keep a created Persistent volume claim when uninstalling the helm chart | +| storage.annotations | object | `{}` | Additional storage annotations | +| storage.labels | object | `{}` | Additional storage labels | 
diff --git a/charts/wordpress/RELEASENOTES.md b/charts/wordpress/RELEASENOTES.md index f4037dd9490b08f44958721a6876ae0a79dc8726..e6204fa46752b292878a1b945222f4bb065e033e 100644 --- a/charts/wordpress/RELEASENOTES.md +++ b/charts/wordpress/RELEASENOTES.md @@ -40,4 +40,5 @@ | 0.10.2 | 6.4.2-apache | Upgraded to Wordpress 6.4.2 | | 0.10.3 | 6.4.2-apache | Added optional ingressClassName and removed deprecated api support | | 0.10.4 | 6.4.2-apache | Refactored ingress configuration and added optional labels | +| 0.10.5 | 6.4.2-apache | Added support for network policies and additional labels and annotations | | | | | diff --git a/charts/wordpress/templates/deployment.yaml b/charts/wordpress/templates/deployment.yaml index 3be5ccb25997b3864a90c332d564e676fe951c78..d505a1a05ec0ef5db168d44dc1d84aaea5d54549 100644 --- a/charts/wordpress/templates/deployment.yaml +++ b/charts/wordpress/templates/deployment.yaml @@ -4,6 +4,13 @@ metadata: name: {{ include "wordpress.fullname" . }} labels: {{- include "wordpress.labels" . | nindent 4 }} + {{- with .Values.customLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.customAnnotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} spec: replicas: {{ .Values.replicaCount }} {{- if .Values.revisionHistoryLimit }} @@ -21,11 +28,14 @@ spec: annotations: checksum/secureconfig: {{ include (print $.Template.BasePath "/secureconfig.yaml") . | sha256sum }} checksum/extendedconfig: {{ include (print $.Template.BasePath "/extendedconfig.yaml") . | sha256sum }} - {{- with .Values.podAnnotations }} + {{- with .Values.podAnnotations }} {{- toYaml . | nindent 8 }} - {{- end }} + {{- end }} labels: {{- include "wordpress.selectorLabels" . | nindent 8 }} + {{- with .Values.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} spec: {{- with .Values.imagePullSecrets }} imagePullSecrets: 
@@ -181,6 +191,10 @@ spec: tolerations: {{- toYaml . | nindent 8 }} {{- end }} + {{- with .Values.topologySpreadConstraints }} + topologySpreadConstraints: + {{- toYaml . | nindent 8 }} + {{- end }} volumes: - name: tmp emptyDir: {} diff --git a/charts/wordpress/templates/networkpolicy.yaml b/charts/wordpress/templates/networkpolicy.yaml new file mode 100644 index 0000000000000000000000000000000000000000..387dadb3acb87ae6b4d4036f3ea74a7cda8f650a --- /dev/null +++ b/charts/wordpress/templates/networkpolicy.yaml @@ -0,0 +1,25 @@ +{{- with .Values.networkPolicy }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ include "wordpress.fullname" $ }} +spec: + podSelector: + matchLabels: + {{- include "wordpress.selectorLabels" $ | nindent 6 }} + policyTypes: + {{- if .ingress }} + - Ingress + {{- end }} + {{- if .egress }} + - Egress + {{- end }} + {{- with .ingress }} + ingress: + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .egress }} + egress: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/charts/wordpress/templates/pvc.yaml b/charts/wordpress/templates/pvc.yaml index 97796fb6f0767a92ade1682718d5a7a9fe5e2f14..1d21709f0612a9e9a4095c83ef3d193e00597f0f 100644 --- a/charts/wordpress/templates/pvc.yaml +++ b/charts/wordpress/templates/pvc.yaml @@ -6,10 +6,18 @@ metadata: name: {{ include "wordpress.fullname" . }} labels: {{- include "wordpress.labels" . | nindent 4 }} - {{- if .Values.storage.keepPvc }} + {{- with .Values.storage.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- if or .Values.storage.keepPvc .Values.storage.annotations }} annotations: + {{- if .Values.storage.keepPvc }} "helm.sh/resource-policy": keep {{- end }} + {{- with .Values.storage.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- end }} spec: {{- with .Values.storage }} accessModes: 
diff --git a/charts/wordpress/templates/service.yaml b/charts/wordpress/templates/service.yaml index d3ed96aced0b4f2041a38927ba00c24649d2ead1..757f723f34287cafdebeab33f2f12acb95280d6f 100644 --- a/charts/wordpress/templates/service.yaml +++ b/charts/wordpress/templates/service.yaml @@ -4,6 +4,9 @@ metadata: name: {{ include "wordpress.fullname" . }} labels: {{- include "wordpress.labels" . | nindent 4 }} + {{- with .Values.service.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} {{- with .Values.service.annotations }} annotations: {{- toYaml . | nindent 4 }} diff --git a/charts/wordpress/values.yaml b/charts/wordpress/values.yaml index 41ffc0cdd011cd0175d1c7c4f593468c45da3b4f..cd283c832ea061a2a6d9546a9ce9922313a50120 100644 --- a/charts/wordpress/values.yaml +++ b/charts/wordpress/values.yaml @@ -16,6 +16,12 @@ imagePullSecrets: [] nameOverride: "" fullnameOverride: "" +## Additional labels for Deployment or StatefulSet +customLabels: {} + +## Additional annotations for Deployment or StatefulSet +customAnnotations: {} + ## Pod deployment strategy strategy: {} @@ -29,12 +35,12 @@ serviceAccount: # If not set and create is true, a name is generated using the fullname template name: "" -## Additional node selector -nodeSelector: {} - ## Additional pod annotations podAnnotations: {} +## Additional pod labels +podLabels: {} + ## Pod security options (default: www-data as fsGroup and user running as non-root) podSecurityContext: fsGroup: 33 @@ -56,8 +62,10 @@ service: clusterIP: ## The loadbalancer ip address (only relevant for type LoadBalancer) loadBalancerIP: - # Annotations to add to the service + ## Annotations to add to the service annotations: {} + ## Labels to add to the service + labels: {} ## Ingress configuration ingress: 
@@ -142,10 +150,18 @@ extraInitContainers: [] ## Extra containers for usage as sidecars extraContainers: +## Additional node selector +nodeSelector: {} + +## Tolerations for pod assignment tolerations: [] +## Affinity for pod assignment affinity: {} +## Topology spread constraints for pods +topologySpreadConstraints: {} + ## Maximum number of revisions maintained in revision history revisionHistoryLimit: @@ -231,6 +247,12 @@ storage: ## Keep a created Persistent volume claim when uninstalling the helm chart keepPvc: false + ## Additional storage annotations + annotations: {} + + ## Additional storage labels + labels: {} + ## MariaDB configuration mariadb: ## Enable MariaDB helm chart for deployment (default: false) @@ -260,3 +282,15 @@ mariadb: ## the storage class name className: + + ## Additional storage annotations + annotations: {} + + ## Additional storage labels + labels: {} + +## Network policies +networkPolicy: {} + ## Ingress and Egress policies + # ingress: {} + # egress: {}