Merge branch 'CloudPirates-io:main' into main

ixxeL2097 · web-flow · commit 8aaa3e8e8b24 · 2025-10-02T17:50:26.000+02:00
diff --git a/charts/keycloak/CHANGELOG.md b/charts/keycloak/CHANGELOG.md
@@ -1,43 +1,5 @@
 # Changelog
 
-## 0.1.7 (2025-09-29)
+## 0.1.9 (2025-10-02)
 
-* [keycloak] replace deprecated 'proxy' with new proxy parameters ([#183](https://github.com/CloudPirates-io/helm-charts/pull/183))
-
-## <small>0.1.6 (2025-09-26)</small>
-
-* [postgres] chore(deps): update postgres:17.6 Docker digest to 0b6428e (#162) ([6293612](https://github.com/CloudPirates-io/helm-charts/commit/6293612)), closes [#162](https://github.com/CloudPirates-io/helm-charts/issues/162)
-
-## <small>0.1.5 (2025-09-25)</small>
-
-* add namespaces to templates, change user/group-ids to 1001 ([31b203b](https://github.com/CloudPirates-io/helm-charts/commit/31b203b))
-* add readme documentation and values.schema.json ([369448b](https://github.com/CloudPirates-io/helm-charts/commit/369448b))
-* add support for extra env vars from an existing secret (#158) ([263604f](https://github.com/CloudPirates-io/helm-charts/commit/263604f)), closes [#158](https://github.com/CloudPirates-io/helm-charts/issues/158)
-* Fix resolving template expressions in extraobjects ([12a1cb5](https://github.com/CloudPirates-io/helm-charts/commit/12a1cb5))
-* [postgres] chore(deps): update postgres:17.6 Docker digest to 0f4f200 ([b4a6a30](https://github.com/CloudPirates-io/helm-charts/commit/b4a6a30))
-* Add keycloak logo ([bf1e1c2](https://github.com/CloudPirates-io/helm-charts/commit/bf1e1c2))
-* Add TODO ([8162d60](https://github.com/CloudPirates-io/helm-charts/commit/8162d60))
-* Artifact hub id ([02540ae](https://github.com/CloudPirates-io/helm-charts/commit/02540ae))
-* Bump the correct thing ([35e7901](https://github.com/CloudPirates-io/helm-charts/commit/35e7901))
-* Fix chart version bump ([aae07b1](https://github.com/CloudPirates-io/helm-charts/commit/aae07b1))
-* Fix deprecated env vars warning ([50d9fa0](https://github.com/CloudPirates-io/helm-charts/commit/50d9fa0))
-* Fix lint ([4bf9e77](https://github.com/CloudPirates-io/helm-charts/commit/4bf9e77))
-* Fix lint 2 ([a38fc35](https://github.com/CloudPirates-io/helm-charts/commit/a38fc35))
-* Fix lint 3 ([0875bfa](https://github.com/CloudPirates-io/helm-charts/commit/0875bfa))
-* Fix lint 4 ([7fcbd78](https://github.com/CloudPirates-io/helm-charts/commit/7fcbd78))
-* Improvements ([cea8f2c](https://github.com/CloudPirates-io/helm-charts/commit/cea8f2c))
-* Initial implementation ([c5d41ec](https://github.com/CloudPirates-io/helm-charts/commit/c5d41ec))
-* Rework keycloak ([2afb0fd](https://github.com/CloudPirates-io/helm-charts/commit/2afb0fd))
-* Update CHANGELOG.md ([b7572a8](https://github.com/CloudPirates-io/helm-charts/commit/b7572a8))
-* Update CHANGELOG.md ([245f9b6](https://github.com/CloudPirates-io/helm-charts/commit/245f9b6))
-* Update CHANGELOG.md ([0bf9f75](https://github.com/CloudPirates-io/helm-charts/commit/0bf9f75))
-* Update CHANGELOG.md ([03d476e](https://github.com/CloudPirates-io/helm-charts/commit/03d476e))
-* Update CHANGELOG.md ([20c19bb](https://github.com/CloudPirates-io/helm-charts/commit/20c19bb))
-* Update CHANGELOG.md ([68435aa](https://github.com/CloudPirates-io/helm-charts/commit/68435aa))
-* Update CHANGELOG.md ([b8adca8](https://github.com/CloudPirates-io/helm-charts/commit/b8adca8))
-* Update CHANGELOG.md ([62e51b9](https://github.com/CloudPirates-io/helm-charts/commit/62e51b9))
-* Update CHANGELOG.md ([54f725e](https://github.com/CloudPirates-io/helm-charts/commit/54f725e))
-* Update CHANGELOG.md ([2ed9b3f](https://github.com/CloudPirates-io/helm-charts/commit/2ed9b3f))
-* Update CHANGELOG.md ([2178148](https://github.com/CloudPirates-io/helm-charts/commit/2178148))
-* Update CHANGELOG.md ([8d6710f](https://github.com/CloudPirates-io/helm-charts/commit/8d6710f))
-* chore: fix changelog ([bd9f1a8](https://github.com/CloudPirates-io/helm-charts/commit/bd9f1a8))
+* [keycloak] add topologySpreadConstraints and trafficDistribution opti… ([#209](https://github.com/CloudPirates-io/helm-charts/pull/209))
diff --git a/charts/keycloak/Chart.yaml b/charts/keycloak/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2
 name: keycloak
 description: Open Source Identity and Access Management Solution
 type: application
-version: 0.1.8
+version: 0.1.9
 appVersion: "26.3.4"
 keywords:
   - keycloak
diff --git a/charts/keycloak/README.md b/charts/keycloak/README.md
@@ -162,14 +162,15 @@ The following table lists the configurable parameters of the Keycloak chart and
 
 ### Service configuration
 
-| Parameter                 | Description                   | Default     |
-| ------------------------- | ----------------------------- | ----------- |
-| `service.type`            | Keycloak service type         | `ClusterIP` |
-| `service.httpPort`        | Keycloak HTTP service port    | `8080`      |
-| `service.httpsPort`       | Keycloak HTTPS service port   | `8443`      |
-| `service.httpTargetPort`  | Keycloak HTTP container port  | `8080`      |
-| `service.httpsTargetPort` | Keycloak HTTPS container port | `8443`      |
-| `service.annotations`     | Service annotations           | `{}`        |
+| Parameter                     | Description                   | Default     |
+| ----------------------------- | ----------------------------- | ----------- |
+| `service.type`                | Keycloak service type         | `ClusterIP` |
+| `service.httpPort`            | Keycloak HTTP service port    | `8080`      |
+| `service.httpsPort`           | Keycloak HTTPS service port   | `8443`      |
+| `service.httpTargetPort`      | Keycloak HTTP container port  | `8080`      |
+| `service.httpsTargetPort`     | Keycloak HTTPS container port | `8443`      |
+| `service.annotations`         | Service annotations           | `{}`        |
+| `service.trafficDistribution` | Service traffic distribution  | `""`        |
 
 ### Ingress configuration
 
@@ -225,11 +226,12 @@ The following table lists the configurable parameters of the Keycloak chart and
 
 ### Node Selection
 
-| Parameter      | Description                          | Default |
-| -------------- | ------------------------------------ | ------- |
-| `nodeSelector` | Node labels for pod assignment       | `{}`    |
-| `tolerations`  | Toleration labels for pod assignment | `[]`    |
-| `affinity`     | Affinity settings for pod assignment | `{}`    |
+| Parameter                   | Description                                    | Default |
+| --------------------------- | ---------------------------------------------- | ------- |
+| `nodeSelector`              | Node labels for pod assignment                 | `{}`    |
+| `tolerations`               | Toleration labels for pod assignment           | `[]`    |
+| `affinity`                  | Affinity settings for pod assignment           | `{}`    |
+| `topologySpreadConstraints` | Topology Spread Constraints for pod assignment | `[]`    |
 
 ### Service Account
 
@@ -522,21 +524,18 @@ kubectl get secret my-keycloak -o jsonpath="{.data.admin-password}" | base64 --d
 ### Common Issues
 
 1. **Pod fails to start with database connection errors**
-
    - Verify database connection parameters
    - Ensure the database is running and accessible
    - Check database credentials in secrets
    - Review pod logs: `kubectl logs <pod-name>`
 
 2. **Cannot access Keycloak via ingress**
-
    - Verify ingress configuration and annotations
    - Check if ingress controller is installed
    - Ensure DNS resolves to the correct IP
    - Check TLS certificate configuration
 
 3. **Admin login fails**
-
    - Verify admin password in the secret
    - Check if the admin user exists in the database
    - Review Keycloak logs for authentication errors
diff --git a/charts/keycloak/templates/deployment.yaml b/charts/keycloak/templates/deployment.yaml
@@ -247,3 +247,7 @@ spec:
       tolerations:
         {{- toYaml . | nindent 8 }}
       {{- end }}
+      {{- with .Values.topologySpreadConstraints }}
+      topologySpreadConstraints:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
diff --git a/charts/keycloak/templates/service.yaml b/charts/keycloak/templates/service.yaml
@@ -23,4 +23,5 @@ spec:
       name: https
     {{- end }}
   selector:
-    {{- include "keycloak.selectorLabels" . | nindent 4 }}
+    {{- include "keycloak.selectorLabels" . | nindent 4 }}
+  trafficDistribution: {{ .Values.service.trafficDistribution }}
diff --git a/charts/keycloak/values.schema.json b/charts/keycloak/values.schema.json
@@ -313,6 +313,10 @@
         "annotations": {
           "type": "object",
           "description": "Service annotations"
+        },
+        "trafficDistribution": {
+          "type": "string",
+          "description": "Traffic distribution policy"
         }
       }
     },
@@ -531,6 +535,10 @@
       "type": "object",
       "description": "Affinity settings for pod assignment"
     },
+    "topologySpreadConstraints": {
+      "type": "array",
+      "description": "Topology Spread Constraints for pod assignment"
+    },
     "serviceAccount": {
       "type": "object",
       "properties": {
diff --git a/charts/keycloak/values.yaml b/charts/keycloak/values.yaml
@@ -146,6 +146,8 @@ service:
   httpsTargetPort: 8443
   ## @param service.annotations Service annotations
   annotations: {}
+  ## @param service.trafficDistribution Traffic distribution preference for the keycloak service. If the field is not set, the implementation will apply its default routing strategy.
+  trafficDistribution: ""
 
 ## @section Ingress configuration
 ingress:
@@ -253,6 +255,9 @@ nodeSelector: {}
 ## @param tolerations Toleration labels for pod assignment
 tolerations: []
 
+## @param topologySpreadConstraints Topology Spread Constraints for pod assignment
+topologySpreadConstraints: []
+
 ## @param affinity Affinity settings for pod assignment
 affinity: {}
 
diff --git a/charts/minio/Chart.lock b/charts/minio/Chart.lock
@@ -1,6 +1,6 @@
 dependencies:
 - name: common
   repository: oci://registry-1.docker.io/cloudpirates
-  version: 1.0.0
-digest: sha256:4dc4489391e65614af4cd64d56a213e353a7a70b231faf64c584779774304d96
-generated: "2025-08-14T12:32:33.889806+02:00"
+  version: 1.1.1
+digest: sha256:8da3c04e2c4a1ebfff4f21936399938e0f3fcf9fbd2f7135e7e907ce725b8f00
+generated: "2025-10-01T22:07:26.882147+02:00"
diff --git a/charts/minio/Chart.yaml b/charts/minio/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2
 name: minio
 description: High Performance Object Storage compatible with Amazon S3 APIs
 type: application
-version: 0.2.4
+version: 0.3.0
 appVersion: "2025.09.07"
 keywords:
   - minio
diff --git a/charts/minio/README.md b/charts/minio/README.md
@@ -133,12 +133,12 @@ The following table lists the configurable parameters of the MinIO chart and the
 | Parameter                                  | Description                                       | Default   |
 | ------------------------------------------ | ------------------------------------------------- | --------- |
 | `podSecurityContext.fsGroup`               | Group ID for the volumes of the pod               | `1000`    |
-| `securityContext.allowPrivilegeEscalation` | Enable container privilege escalation             | `false`   |
-| `securityContext.runAsNonRoot`             | Configure the container to run as a non-root user | `true`    |
-| `securityContext.runAsUser`                | User ID for the MinIO container                   | `1000`    |
-| `securityContext.runAsGroup`               | Group ID for the MinIO container                  | `1000`    |
-| `securityContext.readOnlyRootFilesystem`   | Mount container root filesystem as read-only      | `true`    |
-| `securityContext.capabilities.drop`        | Linux capabilities to be dropped                  | `["ALL"]` |
+| `containerSecurityContext.allowPrivilegeEscalation` | Enable container privilege escalation             | `false`   |
+| `containerSecurityContext.runAsNonRoot`             | Configure the container to run as a non-root user | `true`    |
+| `containerSecurityContext.runAsUser`                | User ID for the MinIO container                   | `1000`    |
+| `containerSecurityContext.runAsGroup`               | Group ID for the MinIO container                  | `1000`    |
+| `containerSecurityContext.readOnlyRootFilesystem`   | Mount container root filesystem as read-only      | `true`    |
+| `containerSecurityContext.capabilities.drop`        | Linux capabilities to be dropped                  | `["ALL"]` |
 
 ### Service configuration
 
diff --git a/charts/minio/templates/deployment.yaml b/charts/minio/templates/deployment.yaml
@@ -32,12 +32,10 @@ spec:
 {{- with (include "minio.imagePullSecrets" .) }}
 {{ . | nindent 6 }}
 {{- end }}
-      securityContext:
-        {{- toYaml .Values.podSecurityContext | nindent 8 }}
+      securityContext: {{ include "common.renderPodSecurityContext" . | nindent 8 }}
       containers:
         - name: {{ .Chart.Name }}
-          securityContext:
-            {{- toYaml .Values.securityContext | nindent 12 }}
+          securityContext: {{ include "common.renderContainerSecurityContext" . | nindent 12 }}
           image: {{ include "minio.image" . }}
           imagePullPolicy: {{ .Values.image.imagePullPolicy }}
           command: ["/bin/sh"]
diff --git a/charts/minio/values.yaml b/charts/minio/values.yaml
@@ -85,18 +85,18 @@ podSecurityContext:
   ## @param podSecurityContext.fsGroup Group ID for the volumes of the pod
   fsGroup: 1001
 
-securityContext:
-  ## @param securityContext.allowPrivilegeEscalation Enable container privilege escalation
+containerSecurityContext:
+  ## @param containerSecurityContext.allowPrivilegeEscalation Enable container privilege escalation
   allowPrivilegeEscalation: false
-  ## @param securityContext.runAsNonRoot Configure the container to run as a non-root user
+  ## @param containerSecurityContext.runAsNonRoot Configure the container to run as a non-root user
   runAsNonRoot: true
-  ## @param securityContext.runAsUser User ID for the MinIO container
+  ## @param containerSecurityContext.runAsUser User ID for the MinIO container
   runAsUser: 1001
-  ## @param securityContext.runAsGroup Group ID for the MinIO container
+  ## @param containerSecurityContext.runAsGroup Group ID for the MinIO container
   runAsGroup: 1001
-  ## @param securityContext.readOnlyRootFilesystem Mount container root filesystem as read-only
+  ## @param containerSecurityContext.readOnlyRootFilesystem Mount container root filesystem as read-only
   readOnlyRootFilesystem: true
-  ## @param securityContext.capabilities.drop Linux capabilities to be dropped
+  ## @param containerSecurityContext.capabilities.drop Linux capabilities to be dropped
   capabilities:
     drop:
       - ALL
diff --git a/charts/mongodb/Chart.lock b/charts/mongodb/Chart.lock
@@ -1,6 +1,6 @@
 dependencies:
 - name: common
   repository: oci://registry-1.docker.io/cloudpirates
-  version: 1.0.0
-digest: sha256:4dc4489391e65614af4cd64d56a213e353a7a70b231faf64c584779774304d96
-generated: "2025-08-14T12:32:14.099705+02:00"
+  version: 1.1.1
+digest: sha256:8da3c04e2c4a1ebfff4f21936399938e0f3fcf9fbd2f7135e7e907ce725b8f00
+generated: "2025-10-01T21:57:12.890603+02:00"
diff --git a/charts/mongodb/Chart.yaml b/charts/mongodb/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2
 name: mongodb
 description: MongoDB a flexible NoSQL database for scalable, real-time data management
 type: application
-version: 0.2.0
+version: 0.3.0
 appVersion: "8.0.13"
 keywords:
   - mongodb
diff --git a/charts/mongodb/templates/statefulset.yaml b/charts/mongodb/templates/statefulset.yaml
@@ -23,11 +23,10 @@ spec:
 {{- with (include "mongodb.imagePullSecrets" .) }}
 {{ . | nindent 6 }}
 {{- end }}
-      securityContext:
-        {{- toYaml .Values.podSecurityContext | nindent 8 }}
+      securityContext: {{ include "common.renderPodSecurityContext" . | nindent 8 }}
       containers:
         - name: {{ .Chart.Name }}
-          securityContext: {{- toYaml .Values.containerSecurityContext | nindent 12 }}
+          securityContext: {{ include "common.renderContainerSecurityContext" . | nindent 12 }}
           image: {{ include "mongodb.image" . | quote }}
           imagePullPolicy: {{ include "common.imagePullPolicy" (dict "image" .Values.image) }}
           {{- if or .Values.config.content .Values.config.existingConfigmap }}
diff --git a/charts/postgres/CHANGELOG.md b/charts/postgres/CHANGELOG.md
@@ -1,8 +1,20 @@
 # Changelog
 
-## 0.6.1 (2025-09-29)
+## 0.7.2 (2025-10-02)
 
-* [Postgres] update default postgres config files ([#180](https://github.com/CloudPirates-io/helm-charts/pull/180))
+* [postgres] chore(deps): update docker.io/postgres:18.0 Docker digest to 073e7c8 ([#172](https://github.com/CloudPirates-io/helm-charts/pull/172))
+
+## <small>0.7.1 (2025-10-02)</small>
+
+* implement support for existingClaim (#212) ([805d3f8](https://github.com/CloudPirates-io/helm-charts/commit/805d3f8)), closes [#212](https://github.com/CloudPirates-io/helm-charts/issues/212)
+
+## 0.7.0 (2025-09-30)
+
+* make postgres run on openshift (#184) ([0396895](https://github.com/CloudPirates-io/helm-charts/commit/0396895)), closes [#184](https://github.com/CloudPirates-io/helm-charts/issues/184)
+
+## <small>0.6.1 (2025-09-29)</small>
+
+* update default postgres config files (#180) ([6385512](https://github.com/CloudPirates-io/helm-charts/commit/6385512)), closes [#180](https://github.com/CloudPirates-io/helm-charts/issues/180)
 
 ## <small>0.5.5 (2025-09-29)</small>
 
diff --git a/charts/postgres/Chart.yaml b/charts/postgres/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2
 name: postgres
 description: The World's Most Advanced Open Source Relational Database
 type: application
-version: 0.7.0
+version: 0.7.2
 appVersion: "18.0"
 keywords:
   - postgres
diff --git a/charts/postgres/templates/statefulset.yaml b/charts/postgres/templates/statefulset.yaml
@@ -198,6 +198,11 @@ spec:
         - name: data
           emptyDir: {}
         {{- end }}
+        {{- if .Values.persistence.existingClaim }}
+        - name: data
+          persistentVolumeClaim:
+            claimName: {{ .Values.persistence.existingClaim }}
+        {{- end }}
         {{- if not .Values.config.existingConfigmap }}
         - name: config
           configMap:
@@ -239,6 +244,7 @@ spec:
     whenDeleted: {{ .Values.persistentVolumeClaimRetentionPolicy.whenDeleted }}
     whenScaled: {{ .Values.persistentVolumeClaimRetentionPolicy.whenScaled }}
   {{- end }}
+  {{- if not .Values.persistence.existingClaim }}
   volumeClaimTemplates:
   - metadata:
       name: data
@@ -261,4 +267,5 @@ spec:
       storageClassName: {{ .Values.persistence.storageClass | quote }}
       {{- end }}
       {{- end }}
+    {{- end }}
   {{- end }}
diff --git a/charts/postgres/values.yaml b/charts/postgres/values.yaml
@@ -22,7 +22,7 @@ image:
   ## @param image.repository PostgreSQL image repository
   repository: postgres
   ## @param image.tag PostgreSQL image tag (immutable tags are recommended)
-  tag: "18.0@sha256:9685e09573f19eeb99d259547a1cb7a7a77cd15877f55f51e215ad06edf5c721"
+  tag: "18.0@sha256:073e7c8b84e2197f94c8083634640ab37105effe1bc853ca4d5fbece3219b0e8"
   ## @param image.imagePullPolicy PostgreSQL image pull policy
   imagePullPolicy: Always
 
diff --git a/charts/rabbitmq/CHANGELOG.md b/charts/rabbitmq/CHANGELOG.md
diff --git a/charts/rabbitmq/Chart.yaml b/charts/rabbitmq/Chart.yaml
diff --git a/charts/rabbitmq/templates/statefulset.yaml b/charts/rabbitmq/templates/statefulset.yaml
diff --git a/charts/timescaledb/Chart.lock b/charts/timescaledb/Chart.lock
diff --git a/charts/timescaledb/Chart.yaml b/charts/timescaledb/Chart.yaml
diff --git a/charts/timescaledb/README.md b/charts/timescaledb/README.md
diff --git a/charts/timescaledb/templates/statefulset.yaml b/charts/timescaledb/templates/statefulset.yaml
diff --git a/charts/timescaledb/values.yaml b/charts/timescaledb/values.yaml
