diff --git a/charts/cryostat/Chart.yaml b/charts/cryostat/Chart.yaml index 5d2911c..1c8443c 100644 --- a/charts/cryostat/Chart.yaml +++ b/charts/cryostat/Chart.yaml @@ -4,11 +4,11 @@ description: Securely manage JFR recordings for your containerized Java workload type: application -version: "2.1.0-dev" +version: "2.1.0" -kubeVersion: ">= 1.25.0-0" +kubeVersion: ">= 1.29.0-0" -appVersion: "4.1.0-dev" +appVersion: "4.1.0" home: "https://cryostat.io" diff --git a/charts/cryostat/README.md b/charts/cryostat/README.md index ae447ce..561db55 100644 --- a/charts/cryostat/README.md +++ b/charts/cryostat/README.md @@ -74,8 +74,8 @@ certificate issuance and rotation. | ------------------------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------- | | `core` | Configuration for the core Cryostat application | | | `core.image.repository` | Repository for the main Cryostat container image | `quay.io/cryostat/cryostat` | -| `core.image.pullPolicy` | Image pull policy for the main Cryostat container image | `Always` | -| `core.image.tag` | Tag for the main Cryostat container image | `4.1.0-snapshot` | +| `core.image.pullPolicy` | Image pull policy for the main Cryostat container image | `IfNotPresent` | +| `core.image.tag` | Tag for the main Cryostat container image | `4.1.0` | | `core.podAnnotations` | Annotations to be applied to the Cryostat Pods | `{}` | | `core.service.type` | Type of Service to create for the Cryostat application | `ClusterIP` | | `core.service.httpPort` | Port number to expose on the Service for Cryostat's HTTP server | `8181` | @@ -127,8 +127,8 @@ certificate issuance and rotation. | ----------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------- | | `reports` | Configuration for the Reports Generator deployment | | | `reports.image.repository` | Repository for the Report Generator container image | `quay.io/cryostat/cryostat-reports` | -| `reports.image.pullPolicy` | Image pull policy for the Report Generator container image | `Always` | -| `reports.image.tag` | Tag for the Report Generator image | `4.1.0-snapshot` | +| `reports.image.pullPolicy` | Image pull policy for the Report Generator container image | `IfNotPresent` | +| `reports.image.tag` | Tag for the Report Generator image | `4.1.0` | | `reports.podAnnotations` | Annotations to be applied to the Report Generator Pods | `{}` | | `reports.service.type` | Type of Service to create for the Report Generator Deployment | `ClusterIP` | | `reports.service.httpPort` | Port number to expose on the Service for the Report Generator Deployment | `10001` | @@ -152,8 +152,8 @@ certificate issuance and rotation. | ------------------------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------ | | `db` | Configuration for Cryostat's database | | | `db.image.repository` | Repository for the database container image | `quay.io/cryostat/cryostat-db` | -| `db.image.pullPolicy` | Image pull policy for the database container image | `Always` | -| `db.image.tag` | Tag for the database container image | `cryostat-v4.1` | +| `db.image.pullPolicy` | Image pull policy for the database container image | `IfNotPresent` | +| `db.image.tag` | Tag for the database container image | `4.1.0` | | `db.provider.url` | URL to the database instance. This can be an in-cluster self-hosted instance with a hostname like db.myapp.local, or it can be an external commercial service. This should be a complete JDBC URL with scheme, host, and port. User authentication information should be provided using a *Secret* and *core.databaseSecretName*. If this URL is not specified then a managed [cryostat-db](https://github.com/cryostatio/cryostat-db) instance will be automatically deployed and configured. If an unmanaged database instance is specified here then other database configuration settings (Pod annotations, Service configurations) do not apply. The database must be a Postgres instance with the pgcrypto extension enabled. | `""` | | `db.podAnnotations` | Annotations to be applied to the Database Pods | `{}` | | `db.service.type` | Type of Service to create for the database | `ClusterIP` | @@ -181,8 +181,8 @@ certificate issuance and rotation. | ------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ----------------------------------- | | `storage` | Configuration for Cryostat's object storage provider | | | `storage.image.repository` | Repository for the storage container image | `quay.io/cryostat/cryostat-storage` | -| `storage.image.pullPolicy` | Image pull policy for the storage container image | `Always` | -| `storage.image.tag` | Tag for the storage container image | `cryostat-v4.1` | +| `storage.image.pullPolicy` | Image pull policy for the storage container image | `IfNotPresent` | +| `storage.image.tag` | Tag for the storage container image | `4.1.0` | | `storage.storageSecretName` | Name of the secret containing the object storage secret access key. This secret must contain a STORAGE_ACCESS_KEY secret which is the object storage secret access key. It must not be updated across chart upgrades, or else the connection between Cryostat components and object storage will not be able to initialize. If using an external S3 provider requiring authentication then this **must** be provided. It is recommended that the secret should be marked as immutable to avoid accidental changes to secret's data. More details: [Kubernetes Secrets](https://kubernetes.io/docs/concepts/configuration/secret/#secret-immutable) | `""` | | `storage.provider.url` | URL to the S3 object storage provider instance. This can be an in-cluster self-hosted instance with a hostname like s3.storage.local, or it can be an external commercial service. This should include scheme, host, and port. User authenication information should be provided using a *Secret* and *storage.storageSecretName*. If this is not specified then a managed [cryostat-storage](https://github.com/cryostatio/cryostat-storage) instance will be automatically deployed and configured. If an unmanaged S3 instance is specified here then other storage configuration settings (such as at-rest encryption, Pod annotations, Service configurations) do not apply. Production installations of Cryostat should not rely on `cryostat-storage` | `""` | | `storage.provider.useChecksumValidation` | whether PUT object request checksum validations are used. These should normally be enabled, but are known to cause issues with SeaweedFS/cryostat-storage and later S3 SDK versions. This is *true* by default when storage.provider.url is configured, but if not configured and cryostat-storage is deployed then this will be taken as *false*. | `true` | @@ -227,8 +227,8 @@ certificate issuance and rotation. | ----------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------- | | `grafana` | Configuration for the customized Grafana instance for Cryostat | | | `grafana.image.repository` | Repository for the Grafana container image | `quay.io/cryostat/cryostat-grafana-dashboard` | -| `grafana.image.pullPolicy` | Image pull policy for the Grafana container image | `Always` | -| `grafana.image.tag` | Tag for the Grafana container image | `4.1-dev` | +| `grafana.image.pullPolicy` | Image pull policy for the Grafana container image | `IfNotPresent` | +| `grafana.image.tag` | Tag for the Grafana container image | `4.1.0` | | `grafana.resources.requests.cpu` | CPU resource request for the Grafana container. See: [ResourceRequirements](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#resources) | `25m` | | `grafana.resources.requests.memory` | Memory resource request for the Grafana container | `80Mi` | | `grafana.securityContext` | Security Context for the Grafana container. Defaults to meet "restricted" [Pod Security Standard](https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted). See: [SecurityContext](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context-1) | `{}` | @@ -244,8 +244,8 @@ certificate issuance and rotation. | -------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------- | | `datasource` | Configuration for the JFR Data Source component, which translates recording events into a format consumable by Grafana | | | `datasource.image.repository` | Repository for the JFR Data Source container image | `quay.io/cryostat/jfr-datasource` | -| `datasource.image.pullPolicy` | Image pull policy for the JFR Data Source container image | `Always` | -| `datasource.image.tag` | Tag for the JFR Data Source container image | `4.1.0-snapshot` | +| `datasource.image.pullPolicy` | Image pull policy for the JFR Data Source container image | `IfNotPresent` | +| `datasource.image.tag` | Tag for the JFR Data Source container image | `4.1.0` | | `datasource.resources.requests.cpu` | CPU resource request for the JFR Data Source container. See: [ResourceRequirements](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#resources) | `200m` | | `datasource.resources.requests.memory` | Memory resource request for the JFR Data Source container | `200Mi` | | `datasource.securityContext` | Security Context for the JFR Data Source container. Defaults to meet "restricted" [Pod Security Standard](https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted). See: [SecurityContext](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context-1) | `{}` | @@ -290,8 +290,8 @@ certificate issuance and rotation. | Name | Description | Value | | ----------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------- | | `openshiftOauthProxy.image.repository` | Repository for the OpenShift OAuth Proxy container image | `quay.io/openshift/origin-oauth-proxy` | -| `openshiftOauthProxy.image.pullPolicy` | Image pull policy for the OpenShift OAuth Proxy container image | `Always` | -| `openshiftOauthProxy.image.tag` | Tag for the OpenShift OAuth Proxy container image | `latest` | +| `openshiftOauthProxy.image.pullPolicy` | Image pull policy for the OpenShift OAuth Proxy container image | `IfNotPresent` | +| `openshiftOauthProxy.image.tag` | Tag for the OpenShift OAuth Proxy container image | `4.20.0` | | `openshiftOauthProxy.resources.requests.cpu` | CPU resource request for the OpenShift OAuth Proxy container | `25m` | | `openshiftOauthProxy.resources.requests.memory` | Memory resource request for the OpenShift OAuth Proxy container | `64Mi` | | `openshiftOauthProxy.accessReview.enabled` | Whether the SubjectAccessReview/TokenAccessReview role checks for users and clients are enabled. If this is disabled then the proxy will only check that the user has valid credentials or holds a valid token | `true` | diff --git a/charts/cryostat/tests/cookie_secret_test.yaml b/charts/cryostat/tests/cookie_secret_test.yaml index 878001a..aafa37e 100644 --- a/charts/cryostat/tests/cookie_secret_test.yaml +++ b/charts/cryostat/tests/cookie_secret_test.yaml @@ -25,8 +25,8 @@ tests: app.kubernetes.io/part-of: cryostat app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: cryostat - app.kubernetes.io/version: 4.1.0-dev - helm.sh/chart: cryostat-2.1.0-dev + app.kubernetes.io/version: 4.1.0 + helm.sh/chart: cryostat-2.1.0 - it: should not create a cookie secret if authentication.cookieSecretName is set set: diff --git a/charts/cryostat/tests/cryostat_deployment_test.yaml b/charts/cryostat/tests/cryostat_deployment_test.yaml index f40c81b..e8476a8 100644 --- a/charts/cryostat/tests/cryostat_deployment_test.yaml +++ b/charts/cryostat/tests/cryostat_deployment_test.yaml @@ -43,10 +43,10 @@ tests: - equal: path: metadata.labels value: - helm.sh/chart: cryostat-2.1.0-dev + helm.sh/chart: cryostat-2.1.0 app.kubernetes.io/name: cryostat app.kubernetes.io/instance: RELEASE-NAME - app.kubernetes.io/version: "4.1.0-dev" + app.kubernetes.io/version: "4.1.0" app.kubernetes.io/managed-by: Helm app.kubernetes.io/component: cryostat app.kubernetes.io/part-of: cryostat @@ -57,7 +57,7 @@ tests: path: spec.template.spec.containers[?(@.name=='cryostat')] - equal: path: spec.template.spec.containers[?(@.name=='cryostat')].image - value: "quay.io/cryostat/cryostat:4.1.0-snapshot" + value: "quay.io/cryostat/cryostat:4.1.0" - equal: path: spec.template.spec.containers[?(@.name=='cryostat-authproxy')].image value: "quay.io/oauth2-proxy/oauth2-proxy:latest" @@ -494,10 +494,10 @@ tests: - ALL - equal: path: spec.template.spec.containers[?(@.name=='cryostat-grafana')].image - value: "quay.io/cryostat/cryostat-grafana-dashboard:4.1-dev" + value: "quay.io/cryostat/cryostat-grafana-dashboard:4.1.0" - equal: path: spec.template.spec.containers[?(@.name=='cryostat-grafana')].imagePullPolicy - value: "Always" + value: "IfNotPresent" - equal: path: spec.template.spec.containers[?(@.name=='cryostat-grafana')].env[?(@.name=='GF_AUTH_ANONYMOUS_ENABLED')].value value: "true" @@ -545,10 +545,10 @@ tests: - ALL - equal: path: spec.template.spec.containers[?(@.name=='cryostat-jfr-datasource')].image - value: "quay.io/cryostat/jfr-datasource:4.1.0-snapshot" + value: "quay.io/cryostat/jfr-datasource:4.1.0" - equal: path: spec.template.spec.containers[?(@.name=='cryostat-jfr-datasource')].imagePullPolicy - value: "Always" + value: "IfNotPresent" - equal: path: spec.template.spec.containers[?(@.name=='cryostat-jfr-datasource')].env[?(@.name=='LISTEN_HOST')].value value: "localhost" @@ -776,16 +776,16 @@ tests: asserts: - equal: path: spec.template.spec.containers[?(@.name=='cryostat')].imagePullPolicy - value: Always + value: IfNotPresent - equal: path: spec.template.spec.containers[?(@.name=='cryostat-authproxy')].imagePullPolicy value: Always - equal: path: spec.template.spec.containers[?(@.name=='cryostat-grafana')].imagePullPolicy - value: "Always" + value: IfNotPresent - equal: path: spec.template.spec.containers[?(@.name=='cryostat-jfr-datasource')].imagePullPolicy - value: "Always" + value: IfNotPresent - it: should verify image pull policies for release versions set: diff --git a/charts/cryostat/tests/cryostat_service_test.yaml b/charts/cryostat/tests/cryostat_service_test.yaml index 72240ac..3655a91 100644 --- a/charts/cryostat/tests/cryostat_service_test.yaml +++ b/charts/cryostat/tests/cryostat_service_test.yaml @@ -44,8 +44,8 @@ tests: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: cryostat - app.kubernetes.io/version: "4.1.0-dev" - helm.sh/chart: cryostat-2.1.0-dev + app.kubernetes.io/version: "4.1.0" + helm.sh/chart: cryostat-2.1.0 app.kubernetes.io/component: cryostat app.kubernetes.io/part-of: cryostat @@ -107,8 +107,8 @@ tests: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: cryostat - app.kubernetes.io/version: "4.1.0-dev" - helm.sh/chart: cryostat-2.1.0-dev + app.kubernetes.io/version: "4.1.0" + helm.sh/chart: cryostat-2.1.0 app.kubernetes.io/component: cryostat app.kubernetes.io/part-of: cryostat - equal: @@ -190,8 +190,8 @@ tests: app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: cryostat app.kubernetes.io/part-of: cryostat - app.kubernetes.io/version: "4.1.0-dev" - helm.sh/chart: cryostat-2.1.0-dev + app.kubernetes.io/version: "4.1.0" + helm.sh/chart: cryostat-2.1.0 app.kubernetes.io/component: cryostat - it: should create a Service with additional user-provided annotations diff --git a/charts/cryostat/tests/cryostat_tls_secret_test.yaml b/charts/cryostat/tests/cryostat_tls_secret_test.yaml index b086da0..224615b 100644 --- a/charts/cryostat/tests/cryostat_tls_secret_test.yaml +++ b/charts/cryostat/tests/cryostat_tls_secret_test.yaml @@ -32,8 +32,8 @@ tests: app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: cryostat app.kubernetes.io/part-of: cryostat - app.kubernetes.io/version: 4.1.0-dev - helm.sh/chart: cryostat-2.1.0-dev + app.kubernetes.io/version: 4.1.0 + helm.sh/chart: cryostat-2.1.0 - it: should not create a TLS cert secret if oauth2Proxy.tls.selfSigned.enabled is not set set: diff --git a/charts/cryostat/tests/db_deployment_test.yaml b/charts/cryostat/tests/db_deployment_test.yaml index 283bc82..40a60df 100644 --- a/charts/cryostat/tests/db_deployment_test.yaml +++ b/charts/cryostat/tests/db_deployment_test.yaml @@ -42,10 +42,10 @@ tests: - equal: path: metadata.labels value: - helm.sh/chart: cryostat-2.1.0-dev + helm.sh/chart: cryostat-2.1.0 app.kubernetes.io/name: cryostat app.kubernetes.io/instance: RELEASE-NAME - app.kubernetes.io/version: "4.1.0-dev" + app.kubernetes.io/version: "4.1.0" app.kubernetes.io/managed-by: Helm app.kubernetes.io/component: db app.kubernetes.io/part-of: cryostat @@ -63,10 +63,10 @@ tests: - ALL - equal: path: spec.template.spec.containers[?(@.name=='cryostat-db')].image - value: "quay.io/cryostat/cryostat-db:cryostat-v4.1" + value: "quay.io/cryostat/cryostat-db:4.1.0" - equal: path: spec.template.spec.containers[?(@.name=='cryostat-db')].imagePullPolicy - value: "Always" + value: "IfNotPresent" - equal: path: spec.template.spec.containers[?(@.name=='cryostat-db')].env[?(@.name=='POSTGRESQL_USER')] value: @@ -322,7 +322,7 @@ tests: asserts: - equal: path: spec.template.spec.containers[?(@.name=='cryostat-db')].imagePullPolicy - value: "Always" + value: "IfNotPresent" - it: should verify image pull policies for release versions set: diff --git a/charts/cryostat/tests/db_pvc_test.yaml b/charts/cryostat/tests/db_pvc_test.yaml index 2f5076b..1124c3c 100644 --- a/charts/cryostat/tests/db_pvc_test.yaml +++ b/charts/cryostat/tests/db_pvc_test.yaml @@ -32,8 +32,8 @@ tests: app.kubernetes.io/part-of: cryostat app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: cryostat - app.kubernetes.io/version: "4.1.0-dev" - helm.sh/chart: cryostat-2.1.0-dev + app.kubernetes.io/version: "4.1.0" + helm.sh/chart: cryostat-2.1.0 - equal: path: spec.accessModes value: diff --git a/charts/cryostat/tests/db_secret_test.yaml b/charts/cryostat/tests/db_secret_test.yaml index be01e17..4a26bbd 100644 --- a/charts/cryostat/tests/db_secret_test.yaml +++ b/charts/cryostat/tests/db_secret_test.yaml @@ -29,8 +29,8 @@ tests: app.kubernetes.io/part-of: cryostat app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: cryostat - app.kubernetes.io/version: 4.1.0-dev - helm.sh/chart: cryostat-2.1.0-dev + app.kubernetes.io/version: 4.1.0 + helm.sh/chart: cryostat-2.1.0 - it: should not create a database secret if core.databaseSecretName is set set: diff --git a/charts/cryostat/tests/db_service_test.yaml b/charts/cryostat/tests/db_service_test.yaml index e2dbfae..38f7844 100644 --- a/charts/cryostat/tests/db_service_test.yaml +++ b/charts/cryostat/tests/db_service_test.yaml @@ -25,8 +25,8 @@ tests: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: cryostat - app.kubernetes.io/version: "4.1.0-dev" - helm.sh/chart: cryostat-2.1.0-dev + app.kubernetes.io/version: "4.1.0" + helm.sh/chart: cryostat-2.1.0 app.kubernetes.io/component: db app.kubernetes.io/part-of: cryostat @@ -55,8 +55,8 @@ tests: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: cryostat - app.kubernetes.io/version: "4.1.0-dev" - helm.sh/chart: cryostat-2.1.0-dev + app.kubernetes.io/version: "4.1.0" + helm.sh/chart: cryostat-2.1.0 app.kubernetes.io/component: db app.kubernetes.io/part-of: cryostat diff --git a/charts/cryostat/tests/discovery_clusterrole_test.yaml b/charts/cryostat/tests/discovery_clusterrole_test.yaml index eef5f23..b2f63d3 100644 --- a/charts/cryostat/tests/discovery_clusterrole_test.yaml +++ b/charts/cryostat/tests/discovery_clusterrole_test.yaml @@ -51,8 +51,8 @@ tests: app.kubernetes.io/part-of: cryostat app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: cryostat - app.kubernetes.io/version: "4.1.0-dev" - helm.sh/chart: cryostat-2.1.0-dev + app.kubernetes.io/version: "4.1.0" + helm.sh/chart: cryostat-2.1.0 - equal: path: rules value: diff --git a/charts/cryostat/tests/discovery_clusterrolebinding_test.yaml b/charts/cryostat/tests/discovery_clusterrolebinding_test.yaml index df599c7..b424249 100644 --- a/charts/cryostat/tests/discovery_clusterrolebinding_test.yaml +++ b/charts/cryostat/tests/discovery_clusterrolebinding_test.yaml @@ -51,8 +51,8 @@ tests: app.kubernetes.io/part-of: cryostat app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: cryostat - app.kubernetes.io/version: "4.1.0-dev" - helm.sh/chart: cryostat-2.1.0-dev + app.kubernetes.io/version: "4.1.0" + helm.sh/chart: cryostat-2.1.0 - equal: path: roleRef value: diff --git a/charts/cryostat/tests/reports_deployment_test.yaml b/charts/cryostat/tests/reports_deployment_test.yaml index aea3332..5f56150 100644 --- a/charts/cryostat/tests/reports_deployment_test.yaml +++ b/charts/cryostat/tests/reports_deployment_test.yaml @@ -50,10 +50,10 @@ tests: - equal: path: metadata.labels value: - helm.sh/chart: cryostat-2.1.0-dev + helm.sh/chart: cryostat-2.1.0 app.kubernetes.io/name: cryostat app.kubernetes.io/instance: RELEASE-NAME - app.kubernetes.io/version: "4.1.0-dev" + app.kubernetes.io/version: "4.1.0" app.kubernetes.io/managed-by: Helm app.kubernetes.io/component: reports app.kubernetes.io/part-of: cryostat @@ -78,7 +78,7 @@ tests: path: spec.template.spec.containers[?(@.name=='cryostat-reports')] - equal: path: spec.template.spec.containers[?(@.name=='cryostat-reports')].image - value: "quay.io/cryostat/cryostat-reports:4.1.0-snapshot" + value: "quay.io/cryostat/cryostat-reports:4.1.0" - equal: path: spec.template.spec.containers[?(@.name=='cryostat-reports')].env[?(@.name=='QUARKUS_HTTP_PORT')].value value: "10001" @@ -95,7 +95,7 @@ tests: path: spec.template.spec.containers[?(@.name=='cryostat-reports-authproxy')] - equal: path: spec.template.spec.containers[?(@.name=='cryostat-reports-authproxy')].image - value: "quay.io/openshift/origin-oauth-proxy:latest" + value: "quay.io/openshift/origin-oauth-proxy:4.20.0" - equal: path: spec.template.spec.containers[?(@.name=='cryostat-reports-authproxy')].ports value: @@ -265,7 +265,7 @@ tests: asserts: - equal: path: spec.template.spec.containers[?(@.name=='cryostat-reports')].imagePullPolicy - value: Always + value: IfNotPresent - it: should verify image pull policies for release versions set: diff --git a/charts/cryostat/tests/reports_secret_test.yaml b/charts/cryostat/tests/reports_secret_test.yaml index fa4c2f7..e0137a8 100644 --- a/charts/cryostat/tests/reports_secret_test.yaml +++ b/charts/cryostat/tests/reports_secret_test.yaml @@ -29,8 +29,8 @@ tests: app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: cryostat app.kubernetes.io/part-of: cryostat - app.kubernetes.io/version: 4.1.0-dev - helm.sh/chart: cryostat-2.1.0-dev + app.kubernetes.io/version: 4.1.0 + helm.sh/chart: cryostat-2.1.0 - it: should not create a database secret if reports.reportsSecretName is set set: diff --git a/charts/cryostat/tests/reports_service_test.yaml b/charts/cryostat/tests/reports_service_test.yaml index 111589c..50871ad 100644 --- a/charts/cryostat/tests/reports_service_test.yaml +++ b/charts/cryostat/tests/reports_service_test.yaml @@ -37,8 +37,8 @@ tests: app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: cryostat app.kubernetes.io/part-of: cryostat - app.kubernetes.io/version: "4.1.0-dev" - helm.sh/chart: cryostat-2.1.0-dev + app.kubernetes.io/version: "4.1.0" + helm.sh/chart: cryostat-2.1.0 app.kubernetes.io/component: reports - it: should create a Service targeting the Pod https port when deployed in OpenShift @@ -73,8 +73,8 @@ tests: app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: cryostat app.kubernetes.io/part-of: cryostat - app.kubernetes.io/version: "4.1.0-dev" - helm.sh/chart: cryostat-2.1.0-dev + app.kubernetes.io/version: "4.1.0" + helm.sh/chart: cryostat-2.1.0 app.kubernetes.io/component: reports - it: should create a Service with additional user-provided annotations diff --git a/charts/cryostat/tests/role_test.yaml b/charts/cryostat/tests/role_test.yaml index 8209264..a167d7b 100644 --- a/charts/cryostat/tests/role_test.yaml +++ b/charts/cryostat/tests/role_test.yaml @@ -49,8 +49,8 @@ tests: app.kubernetes.io/part-of: cryostat app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: cryostat - app.kubernetes.io/version: "4.1.0-dev" - helm.sh/chart: cryostat-2.1.0-dev + app.kubernetes.io/version: "4.1.0" + helm.sh/chart: cryostat-2.1.0 documentIndex: 0 - equal: path: metadata.labels @@ -59,8 +59,8 @@ tests: app.kubernetes.io/part-of: cryostat app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: cryostat - app.kubernetes.io/version: "4.1.0-dev" - helm.sh/chart: cryostat-2.1.0-dev + app.kubernetes.io/version: "4.1.0" + helm.sh/chart: cryostat-2.1.0 documentIndex: 1 - it: should have correct permissions for endpoints, pods, and other resources diff --git a/charts/cryostat/tests/route_test.yaml b/charts/cryostat/tests/route_test.yaml index a3280c6..b098404 100644 --- a/charts/cryostat/tests/route_test.yaml +++ b/charts/cryostat/tests/route_test.yaml @@ -34,8 +34,8 @@ tests: app.kubernetes.io/part-of: cryostat app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: cryostat - app.kubernetes.io/version: "4.1.0-dev" - helm.sh/chart: cryostat-2.1.0-dev + app.kubernetes.io/version: "4.1.0" + helm.sh/chart: cryostat-2.1.0 - equal: path: metadata.annotations.hello value: "world" diff --git a/charts/cryostat/tests/storage_deployment_test.yaml b/charts/cryostat/tests/storage_deployment_test.yaml index 6381d94..57a7428 100644 --- a/charts/cryostat/tests/storage_deployment_test.yaml +++ b/charts/cryostat/tests/storage_deployment_test.yaml @@ -42,10 +42,10 @@ tests: - equal: path: metadata.labels value: - helm.sh/chart: cryostat-2.1.0-dev + helm.sh/chart: cryostat-2.1.0 app.kubernetes.io/name: cryostat app.kubernetes.io/instance: RELEASE-NAME - app.kubernetes.io/version: "4.1.0-dev" + app.kubernetes.io/version: "4.1.0" app.kubernetes.io/managed-by: Helm app.kubernetes.io/component: storage app.kubernetes.io/part-of: cryostat @@ -63,10 +63,10 @@ tests: - ALL - equal: path: spec.template.spec.containers[?(@.name=='cryostat-storage')].image - value: "quay.io/cryostat/cryostat-storage:cryostat-v4.1" + value: "quay.io/cryostat/cryostat-storage:4.1.0" - equal: path: spec.template.spec.containers[?(@.name=='cryostat-storage')].imagePullPolicy - value: "Always" + value: "IfNotPresent" - equal: path: spec.template.spec.containers[?(@.name=='cryostat-storage')].env[?(@.name=='CRYOSTAT_BUCKETS')].value value: "archivedrecordings,archivedreports,eventtemplates,heapdumps,metadata,probes,threaddumps" @@ -369,7 +369,7 @@ tests: asserts: - equal: path: spec.template.spec.containers[?(@.name=='cryostat-storage')].imagePullPolicy - value: Always + value: IfNotPresent - it: should verify image pull policies for release versions set: diff --git a/charts/cryostat/tests/storage_pvc_test.yaml b/charts/cryostat/tests/storage_pvc_test.yaml index 4ee8d03..f3328ca 100644 --- a/charts/cryostat/tests/storage_pvc_test.yaml +++ b/charts/cryostat/tests/storage_pvc_test.yaml @@ -32,8 +32,8 @@ tests: app.kubernetes.io/part-of: cryostat app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: cryostat - app.kubernetes.io/version: "4.1.0-dev" - helm.sh/chart: cryostat-2.1.0-dev + app.kubernetes.io/version: "4.1.0" + helm.sh/chart: cryostat-2.1.0 - equal: path: spec.accessModes value: diff --git a/charts/cryostat/tests/storage_secret_test.yaml b/charts/cryostat/tests/storage_secret_test.yaml index 8ac9d9c..ac488e6 100644 --- a/charts/cryostat/tests/storage_secret_test.yaml +++ b/charts/cryostat/tests/storage_secret_test.yaml @@ -27,8 +27,8 @@ tests: app.kubernetes.io/part-of: cryostat app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: cryostat - app.kubernetes.io/version: 4.1.0-dev - helm.sh/chart: cryostat-2.1.0-dev + app.kubernetes.io/version: 4.1.0 + helm.sh/chart: cryostat-2.1.0 - it: should not create a storage secret if storage.storageSecretName is set set: diff --git a/charts/cryostat/tests/storage_service_test.yaml b/charts/cryostat/tests/storage_service_test.yaml index 7119fe2..94d9d4f 100644 --- a/charts/cryostat/tests/storage_service_test.yaml +++ b/charts/cryostat/tests/storage_service_test.yaml @@ -25,8 +25,8 @@ tests: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: cryostat - app.kubernetes.io/version: "4.1.0-dev" - helm.sh/chart: cryostat-2.1.0-dev + app.kubernetes.io/version: "4.1.0" + helm.sh/chart: cryostat-2.1.0 app.kubernetes.io/component: storage app.kubernetes.io/part-of: cryostat @@ -56,8 +56,8 @@ tests: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: cryostat - app.kubernetes.io/version: "4.1.0-dev" - helm.sh/chart: cryostat-2.1.0-dev + app.kubernetes.io/version: "4.1.0" + helm.sh/chart: cryostat-2.1.0 app.kubernetes.io/component: storage app.kubernetes.io/part-of: cryostat diff --git a/charts/cryostat/values.schema.json b/charts/cryostat/values.schema.json index d598e91..b576baf 100644 --- a/charts/cryostat/values.schema.json +++ b/charts/cryostat/values.schema.json @@ -16,12 +16,12 @@ "pullPolicy": { "type": "string", "description": "Image pull policy for the main Cryostat container image", - "default": "Always" + "default": "IfNotPresent" }, "tag": { "type": "string", "description": "Tag for the main Cryostat container image", - "default": "4.1.0-snapshot" + "default": "4.1.0" } } }, @@ -373,12 +373,12 @@ "pullPolicy": { "type": "string", "description": "Image pull policy for the Report Generator container image", - "default": "Always" + "default": "IfNotPresent" }, "tag": { "type": "string", "description": "Tag for the Report Generator image", - "default": "4.1.0-snapshot" + "default": "4.1.0" } } }, @@ -511,12 +511,12 @@ "pullPolicy": { "type": "string", "description": "Image pull policy for the database container image", - "default": "Always" + "default": "IfNotPresent" }, "tag": { "type": "string", "description": "Tag for the database container image", - "default": "cryostat-v4.1" + "default": "4.1.0" } } }, @@ -659,12 +659,12 @@ "pullPolicy": { "type": "string", "description": "Image pull policy for the storage container image", - "default": "Always" + "default": "IfNotPresent" }, "tag": { "type": "string", "description": "Tag for the storage container image", - "default": "cryostat-v4.1" + "default": "4.1.0" } } }, @@ -947,12 +947,12 @@ "pullPolicy": { "type": "string", "description": "Image pull policy for the Grafana container image", - "default": "Always" + "default": "IfNotPresent" }, "tag": { "type": "string", "description": "Tag for the Grafana container image", - "default": "4.1-dev" + "default": "4.1.0" } } }, @@ -1045,12 +1045,12 @@ "pullPolicy": { "type": "string", "description": "Image pull policy for the JFR Data Source container image", - "default": "Always" + "default": "IfNotPresent" }, "tag": { "type": "string", "description": "Tag for the JFR Data Source container image", - "default": "4.1.0-snapshot" + "default": "4.1.0" } } }, @@ -1339,12 +1339,12 @@ "pullPolicy": { "type": "string", "description": "Image pull policy for the OpenShift OAuth Proxy container image", - "default": "Always" + "default": "IfNotPresent" }, "tag": { "type": "string", "description": "Tag for the OpenShift OAuth Proxy container image", - "default": "latest" + "default": "4.20.0" } } }, diff --git a/charts/cryostat/values.yaml b/charts/cryostat/values.yaml index fe552fc..0b02510 100644 --- a/charts/cryostat/values.yaml +++ b/charts/cryostat/values.yaml @@ -5,9 +5,9 @@ core: ## @param core.image.repository Repository for the main Cryostat container image repository: "quay.io/cryostat/cryostat" ## @param core.image.pullPolicy Image pull policy for the main Cryostat container image - pullPolicy: Always + pullPolicy: IfNotPresent ## @param core.image.tag Tag for the main Cryostat container image - tag: "4.1.0-snapshot" + tag: "4.1.0" ## @param core.podAnnotations [object] Annotations to be applied to the Cryostat Pods podAnnotations: {} service: @@ -153,9 +153,9 @@ reports: ## @param reports.image.repository Repository for the Report Generator container image repository: "quay.io/cryostat/cryostat-reports" ## @param reports.image.pullPolicy Image pull policy for the Report Generator container image - pullPolicy: Always + pullPolicy: IfNotPresent ## @param reports.image.tag Tag for the Report Generator image - tag: "4.1.0-snapshot" + tag: "4.1.0" ## @param reports.podAnnotations [object] Annotations to be applied to the Report Generator Pods podAnnotations: {} service: @@ -208,9 +208,9 @@ db: ## @param db.image.repository Repository for the database container image repository: "quay.io/cryostat/cryostat-db" ## @param db.image.pullPolicy Image pull policy for the database container image - pullPolicy: Always + pullPolicy: IfNotPresent ## @param db.image.tag Tag for the database container image - tag: "cryostat-v4.1" + tag: "4.1.0" provider: ## @param db.provider.url URL to the database instance. This can be an in-cluster self-hosted instance with a hostname like db.myapp.local, or it can be an external commercial service. This should be a complete JDBC URL with scheme, host, and port. User authentication information should be provided using a *Secret* and *core.databaseSecretName*. If this URL is not specified then a managed [cryostat-db](https://github.com/cryostatio/cryostat-db) instance will be automatically deployed and configured. If an unmanaged database instance is specified here then other database configuration settings (Pod annotations, Service configurations) do not apply. The database must be a Postgres instance with the pgcrypto extension enabled. url: "" @@ -272,9 +272,9 @@ storage: ## @param storage.image.repository Repository for the storage container image repository: "quay.io/cryostat/cryostat-storage" ## @param storage.image.pullPolicy Image pull policy for the storage container image - pullPolicy: Always + pullPolicy: IfNotPresent ## @param storage.image.tag Tag for the storage container image - tag: "cryostat-v4.1" + tag: "4.1.0" ## @param storage.storageSecretName Name of the secret containing the object storage secret access key. This secret must contain a STORAGE_ACCESS_KEY secret which is the object storage secret access key. It must not be updated across chart upgrades, or else the connection between Cryostat components and object storage will not be able to initialize. If using an external S3 provider requiring authentication then this **must** be provided. It is recommended that the secret should be marked as immutable to avoid accidental changes to secret's data. More details: [Kubernetes Secrets](https://kubernetes.io/docs/concepts/configuration/secret/#secret-immutable) storageSecretName: "" provider: @@ -376,9 +376,9 @@ grafana: ## @param grafana.image.repository Repository for the Grafana container image repository: "quay.io/cryostat/cryostat-grafana-dashboard" ## @param grafana.image.pullPolicy Image pull policy for the Grafana container image - pullPolicy: Always + pullPolicy: IfNotPresent ## @param grafana.image.tag Tag for the Grafana container image - tag: "4.1-dev" + tag: "4.1.0" resources: requests: ## @param grafana.resources.requests.cpu CPU resource request for the Grafana container. See: [ResourceRequirements](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#resources) @@ -412,9 +412,9 @@ datasource: ## @param datasource.image.repository Repository for the JFR Data Source container image repository: "quay.io/cryostat/jfr-datasource" ## @param datasource.image.pullPolicy Image pull policy for the JFR Data Source container image - pullPolicy: Always + pullPolicy: IfNotPresent ## @param datasource.image.tag Tag for the JFR Data Source container image - tag: "4.1.0-snapshot" + tag: "4.1.0" resources: requests: ## @param datasource.resources.requests.cpu CPU resource request for the JFR Data Source container. See: [ResourceRequirements](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#resources) @@ -514,9 +514,9 @@ openshiftOauthProxy: ## @param openshiftOauthProxy.image.repository Repository for the OpenShift OAuth Proxy container image repository: "quay.io/openshift/origin-oauth-proxy" ## @param openshiftOauthProxy.image.pullPolicy Image pull policy for the OpenShift OAuth Proxy container image - pullPolicy: Always + pullPolicy: IfNotPresent ## @param openshiftOauthProxy.image.tag Tag for the OpenShift OAuth Proxy container image - tag: "latest" + tag: "4.20.0" resources: requests: ## @param openshiftOauthProxy.resources.requests.cpu CPU resource request for the OpenShift OAuth Proxy container