Skip to content

Commit c6317ff

Browse files
ZashZash
committed
apps sc: upgrade thanos to 17.3.1
Now uses thanos image from quay Holding at 0.39.2 until upstream memory/cpu issue is resolved bin: Fix resolution of repo root in sbom scripts Seems if you call scripts as `sbom/generate.sh`, two paths are output by `cd && pwd`, which then breaks later uses of the `$REPO_ROOT` variable.
1 parent c8ba98a commit c6317ff

File tree

99 files changed

+3619
-2175
lines changed

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

99 files changed

+3619
-2175
lines changed

helmfile.d/lists/images.yaml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -95,7 +95,7 @@ images:
9595
tekton:
9696
controller: ghcr.io/tektoncd/pipeline/controller-10a3e32792f33651396d02b6855a6e36:v1.1.0@sha256:72ba947187317aee83b8b6ba510b17375bede4ce062e366cd0162515e0f7d5f2
9797
thanos:
98-
image: ghcr.io/elastisys/bitnami/thanos:0.37.2-debian-12-r8
98+
image: quay.io/thanos/thanos:v0.39.2
9999
velero:
100100
image: docker.io/velero/velero:v1.16.1
101101
pluginAws: docker.io/velero/velero-plugin-for-aws:v1.9.0

helmfile.d/upstream/bitnami/thanos/Chart.lock

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -1,9 +1,9 @@
11
dependencies:
22
- name: minio
33
repository: oci://registry-1.docker.io/bitnamicharts
4-
version: 15.0.5
4+
version: 17.0.19
55
- name: common
66
repository: oci://registry-1.docker.io/bitnamicharts
7-
version: 2.30.0
8-
digest: sha256:c21010fcd391c9564b494e001720005981d7e2ef81aa9ea473e18b7a9324567d
9-
generated: "2025-03-05T05:09:56.729039288Z"
7+
version: 2.31.4
8+
digest: sha256:294dcecc3125f591a6e2158d207ce3418746bbd0cccf057d477f47788929255b
9+
generated: "2025-08-13T18:18:49.570029863Z"

helmfile.d/upstream/bitnami/thanos/Chart.yaml

Lines changed: 6 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -2,17 +2,18 @@ annotations:
22
category: Analytics
33
images: |
44
- name: os-shell
5-
image: docker.io/bitnami/os-shell:12-debian-12-r39
5+
image: docker.io/bitnami/os-shell:12-debian-12-r50
66
- name: thanos
7-
image: docker.io/bitnami/thanos:0.37.2-debian-12-r8
7+
image: docker.io/bitnami/thanos:0.39.2-debian-12-r2
88
licenses: Apache-2.0
9+
tanzuCategory: application
910
apiVersion: v2
10-
appVersion: 0.37.2
11+
appVersion: 0.39.2
1112
dependencies:
1213
- condition: minio.enabled
1314
name: minio
1415
repository: oci://registry-1.docker.io/bitnamicharts
15-
version: 15.x.x
16+
version: 17.x.x
1617
- name: common
1718
repository: oci://registry-1.docker.io/bitnamicharts
1819
tags:
@@ -34,4 +35,4 @@ maintainers:
3435
name: thanos
3536
sources:
3637
- https://github.com/bitnami/charts/tree/main/bitnami/thanos
37-
version: 15.13.1
38+
version: 17.3.1

helmfile.d/upstream/bitnami/thanos/README.md

Lines changed: 63 additions & 5 deletions
Large diffs are not rendered by default.

helmfile.d/upstream/bitnami/thanos/charts/common/Chart.yaml

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -2,7 +2,7 @@ annotations:
22
category: Infrastructure
33
licenses: Apache-2.0
44
apiVersion: v2
5-
appVersion: 2.30.0
5+
appVersion: 2.31.4
66
description: A Library Helm Chart for grouping common logic between bitnami charts.
77
This chart is not deployable by itself.
88
home: https://bitnami.com
@@ -20,4 +20,4 @@ name: common
2020
sources:
2121
- https://github.com/bitnami/charts/tree/main/bitnami/common
2222
type: library
23-
version: 2.30.0
23+
version: 2.31.4

helmfile.d/upstream/bitnami/thanos/charts/common/README.md

Lines changed: 154 additions & 2 deletions
Large diffs are not rendered by default.

helmfile.d/upstream/bitnami/thanos/charts/common/templates/_affinities.tpl

Lines changed: 21 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -82,7 +82,7 @@ preferredDuringSchedulingIgnoredDuringExecution:
8282
namespaces:
8383
- {{ .context.Release.Namespace }}
8484
{{- with $extraNamespaces }}
85-
{{ include "common.tplvalues.render" (dict "value" . "context" $) | nindent 8 }}
85+
{{- include "common.tplvalues.render" (dict "value" . "context" $) | nindent 8 }}
8686
{{- end }}
8787
{{- end }}
8888
topologyKey: {{ include "common.affinities.topologyKey" (dict "topologyKey" .topologyKey) }}
@@ -97,6 +97,13 @@ preferredDuringSchedulingIgnoredDuringExecution:
9797
{{- range $key, $value := .extraMatchLabels }}
9898
{{ $key }}: {{ $value | quote }}
9999
{{- end }}
100+
{{- if .namespaces }}
101+
namespaces:
102+
- {{ $.context.Release.Namespace }}
103+
{{- with .namespaces }}
104+
{{- include "common.tplvalues.render" (dict "value" . "context" $) | nindent 8 }}
105+
{{- end }}
106+
{{- end }}
100107
topologyKey: {{ include "common.affinities.topologyKey" (dict "topologyKey" .topologyKey) }}
101108
weight: {{ .weight | default 1 -}}
102109
{{- end -}}
@@ -121,13 +128,13 @@ requiredDuringSchedulingIgnoredDuringExecution:
121128
{{- range $key, $value := $extraMatchLabels }}
122129
{{ $key }}: {{ $value | quote }}
123130
{{- end }}
124-
{{- if $extraNamespaces }}
125-
namespaces:
126-
- {{ .context.Release.Namespace }}
127-
{{- with $extraNamespaces }}
128-
{{ include "common.tplvalues.render" (dict "value" . "context" $) | nindent 8 }}
129-
{{- end }}
131+
{{- if $extraNamespaces }}
132+
namespaces:
133+
- {{ .context.Release.Namespace }}
134+
{{- with $extraNamespaces }}
135+
{{- include "common.tplvalues.render" (dict "value" . "context" $) | nindent 6 }}
130136
{{- end }}
137+
{{- end }}
131138
topologyKey: {{ include "common.affinities.topologyKey" (dict "topologyKey" .topologyKey) }}
132139
{{- range $extraPodAffinityTerms }}
133140
- labelSelector:
@@ -138,6 +145,13 @@ requiredDuringSchedulingIgnoredDuringExecution:
138145
{{- range $key, $value := .extraMatchLabels }}
139146
{{ $key }}: {{ $value | quote }}
140147
{{- end }}
148+
{{- if .namespaces }}
149+
namespaces:
150+
- {{ $.context.Release.Namespace }}
151+
{{- with .namespaces }}
152+
{{- include "common.tplvalues.render" (dict "value" . "context" $) | nindent 6 }}
153+
{{- end }}
154+
{{- end }}
141155
topologyKey: {{ include "common.affinities.topologyKey" (dict "topologyKey" .topologyKey) }}
142156
{{- end -}}
143157
{{- end -}}

helmfile.d/upstream/bitnami/thanos/charts/common/templates/_capabilities.tpl

Lines changed: 4 additions & 79 deletions
Original file line numberDiff line numberDiff line change
@@ -30,162 +30,93 @@ Usage:
3030
Return the appropriate apiVersion for poddisruptionbudget.
3131
*/}}
3232
{{- define "common.capabilities.policy.apiVersion" -}}
33-
{{- $kubeVersion := include "common.capabilities.kubeVersion" . -}}
34-
{{- if and (not (empty $kubeVersion)) (semverCompare "<1.21-0" $kubeVersion) -}}
35-
{{- print "policy/v1beta1" -}}
36-
{{- else -}}
3733
{{- print "policy/v1" -}}
3834
{{- end -}}
39-
{{- end -}}
4035

4136
{{/*
4237
Return the appropriate apiVersion for networkpolicy.
4338
*/}}
4439
{{- define "common.capabilities.networkPolicy.apiVersion" -}}
45-
{{- $kubeVersion := include "common.capabilities.kubeVersion" . -}}
46-
{{- if and (not (empty $kubeVersion)) (semverCompare "<1.7-0" $kubeVersion) -}}
47-
{{- print "extensions/v1beta1" -}}
48-
{{- else -}}
4940
{{- print "networking.k8s.io/v1" -}}
5041
{{- end -}}
51-
{{- end -}}
5242

5343
{{/*
5444
Return the appropriate apiVersion for job.
5545
*/}}
5646
{{- define "common.capabilities.job.apiVersion" -}}
57-
{{- $kubeVersion := include "common.capabilities.kubeVersion" . -}}
58-
{{- if and (not (empty $kubeVersion)) (semverCompare "<1.21-0" $kubeVersion) -}}
59-
{{- print "batch/v1beta1" -}}
60-
{{- else -}}
6147
{{- print "batch/v1" -}}
6248
{{- end -}}
63-
{{- end -}}
6449

6550
{{/*
6651
Return the appropriate apiVersion for cronjob.
6752
*/}}
6853
{{- define "common.capabilities.cronjob.apiVersion" -}}
69-
{{- $kubeVersion := include "common.capabilities.kubeVersion" . -}}
70-
{{- if and (not (empty $kubeVersion)) (semverCompare "<1.21-0" $kubeVersion) -}}
71-
{{- print "batch/v1beta1" -}}
72-
{{- else -}}
7354
{{- print "batch/v1" -}}
7455
{{- end -}}
75-
{{- end -}}
7656

7757
{{/*
7858
Return the appropriate apiVersion for daemonset.
7959
*/}}
8060
{{- define "common.capabilities.daemonset.apiVersion" -}}
81-
{{- $kubeVersion := include "common.capabilities.kubeVersion" . -}}
82-
{{- if and (not (empty $kubeVersion)) (semverCompare "<1.14-0" $kubeVersion) -}}
83-
{{- print "extensions/v1beta1" -}}
84-
{{- else -}}
8561
{{- print "apps/v1" -}}
8662
{{- end -}}
87-
{{- end -}}
8863

8964
{{/*
9065
Return the appropriate apiVersion for deployment.
9166
*/}}
9267
{{- define "common.capabilities.deployment.apiVersion" -}}
93-
{{- $kubeVersion := include "common.capabilities.kubeVersion" . -}}
94-
{{- if and (not (empty $kubeVersion)) (semverCompare "<1.14-0" $kubeVersion) -}}
95-
{{- print "extensions/v1beta1" -}}
96-
{{- else -}}
9768
{{- print "apps/v1" -}}
9869
{{- end -}}
99-
{{- end -}}
10070

10171
{{/*
10272
Return the appropriate apiVersion for statefulset.
10373
*/}}
10474
{{- define "common.capabilities.statefulset.apiVersion" -}}
105-
{{- $kubeVersion := include "common.capabilities.kubeVersion" . -}}
106-
{{- if and (not (empty $kubeVersion)) (semverCompare "<1.14-0" $kubeVersion) -}}
107-
{{- print "apps/v1beta1" -}}
108-
{{- else -}}
10975
{{- print "apps/v1" -}}
11076
{{- end -}}
111-
{{- end -}}
11277

11378
{{/*
11479
Return the appropriate apiVersion for ingress.
11580
*/}}
11681
{{- define "common.capabilities.ingress.apiVersion" -}}
117-
{{- $kubeVersion := include "common.capabilities.kubeVersion" . -}}
118-
{{- if (.Values.ingress).apiVersion -}}
119-
{{- .Values.ingress.apiVersion -}}
120-
{{- else if and (not (empty $kubeVersion)) (semverCompare "<1.14-0" $kubeVersion) -}}
121-
{{- print "extensions/v1beta1" -}}
122-
{{- else if and (not (empty $kubeVersion)) (semverCompare "<1.19-0" $kubeVersion) -}}
123-
{{- print "networking.k8s.io/v1beta1" -}}
124-
{{- else -}}
12582
{{- print "networking.k8s.io/v1" -}}
126-
{{- end }}
12783
{{- end -}}
12884

12985
{{/*
13086
Return the appropriate apiVersion for RBAC resources.
13187
*/}}
13288
{{- define "common.capabilities.rbac.apiVersion" -}}
133-
{{- $kubeVersion := include "common.capabilities.kubeVersion" . -}}
134-
{{- if and (not (empty $kubeVersion)) (semverCompare "<1.17-0" $kubeVersion) -}}
135-
{{- print "rbac.authorization.k8s.io/v1beta1" -}}
136-
{{- else -}}
13789
{{- print "rbac.authorization.k8s.io/v1" -}}
13890
{{- end -}}
139-
{{- end -}}
14091

14192
{{/*
14293
Return the appropriate apiVersion for CRDs.
14394
*/}}
14495
{{- define "common.capabilities.crd.apiVersion" -}}
145-
{{- $kubeVersion := include "common.capabilities.kubeVersion" . -}}
146-
{{- if and (not (empty $kubeVersion)) (semverCompare "<1.19-0" $kubeVersion) -}}
147-
{{- print "apiextensions.k8s.io/v1beta1" -}}
148-
{{- else -}}
14996
{{- print "apiextensions.k8s.io/v1" -}}
15097
{{- end -}}
151-
{{- end -}}
15298

15399
{{/*
154100
Return the appropriate apiVersion for APIService.
155101
*/}}
156102
{{- define "common.capabilities.apiService.apiVersion" -}}
157-
{{- $kubeVersion := include "common.capabilities.kubeVersion" . -}}
158-
{{- if and (not (empty $kubeVersion)) (semverCompare "<1.10-0" $kubeVersion) -}}
159-
{{- print "apiregistration.k8s.io/v1beta1" -}}
160-
{{- else -}}
161103
{{- print "apiregistration.k8s.io/v1" -}}
162104
{{- end -}}
163-
{{- end -}}
164105

165106
{{/*
166107
Return the appropriate apiVersion for Horizontal Pod Autoscaler.
167108
*/}}
168109
{{- define "common.capabilities.hpa.apiVersion" -}}
169110
{{- $kubeVersion := include "common.capabilities.kubeVersion" .context -}}
170-
{{- if and (not (empty $kubeVersion)) (semverCompare "<1.23-0" $kubeVersion) -}}
171-
{{- if .beta2 -}}
172-
{{- print "autoscaling/v2beta2" -}}
173-
{{- else -}}
174-
{{- print "autoscaling/v2beta1" -}}
175-
{{- end -}}
176-
{{- else -}}
177111
{{- print "autoscaling/v2" -}}
178112
{{- end -}}
179-
{{- end -}}
180113

181114
{{/*
182115
Return the appropriate apiVersion for Vertical Pod Autoscaler.
183116
*/}}
184117
{{- define "common.capabilities.vpa.apiVersion" -}}
185-
{{- $kubeVersion := include "common.capabilities.kubeVersion" .context -}}
186-
{{- if and (not (empty $kubeVersion)) (semverCompare "<1.11-0" $kubeVersion) -}}
187-
{{- print "autoscaling/v1beta1" -}}
188-
{{- else if and (not (empty $kubeVersion)) (semverCompare "<1.25-0" $kubeVersion) -}}
118+
{{- $kubeVersion := include "common.capabilities.kubeVersion" . -}}
119+
{{- if and (not (empty $kubeVersion)) (semverCompare "<1.25-0" $kubeVersion) -}}
189120
{{- print "autoscaling/v1beta2" -}}
190121
{{- else -}}
191122
{{- print "autoscaling/v1" -}}
@@ -207,19 +138,15 @@ Returns true if AdmissionConfiguration is supported
207138
*/}}
208139
{{- define "common.capabilities.admissionConfiguration.supported" -}}
209140
{{- $kubeVersion := include "common.capabilities.kubeVersion" . -}}
210-
{{- if or (empty $kubeVersion) (not (semverCompare "<1.23-0" $kubeVersion)) -}}
211141
{{- true -}}
212142
{{- end -}}
213-
{{- end -}}
214143

215144
{{/*
216145
Return the appropriate apiVersion for AdmissionConfiguration.
217146
*/}}
218147
{{- define "common.capabilities.admissionConfiguration.apiVersion" -}}
219148
{{- $kubeVersion := include "common.capabilities.kubeVersion" . -}}
220-
{{- if and (not (empty $kubeVersion)) (semverCompare "<1.23-0" $kubeVersion) -}}
221-
{{- print "apiserver.config.k8s.io/v1alpha1" -}}
222-
{{- else if and (not (empty $kubeVersion)) (semverCompare "<1.25-0" $kubeVersion) -}}
149+
{{- if and (not (empty $kubeVersion)) (semverCompare "<1.25-0" $kubeVersion) -}}
223150
{{- print "apiserver.config.k8s.io/v1beta1" -}}
224151
{{- else -}}
225152
{{- print "apiserver.config.k8s.io/v1" -}}
@@ -231,9 +158,7 @@ Return the appropriate apiVersion for PodSecurityConfiguration.
231158
*/}}
232159
{{- define "common.capabilities.podSecurityConfiguration.apiVersion" -}}
233160
{{- $kubeVersion := include "common.capabilities.kubeVersion" . -}}
234-
{{- if and (not (empty $kubeVersion)) (semverCompare "<1.23-0" $kubeVersion) -}}
235-
{{- print "pod-security.admission.config.k8s.io/v1alpha1" -}}
236-
{{- else if and (not (empty $kubeVersion)) (semverCompare "<1.25-0" $kubeVersion) -}}
161+
{{- if and (not (empty $kubeVersion)) (semverCompare "<1.25-0" $kubeVersion) -}}
237162
{{- print "pod-security.admission.config.k8s.io/v1beta1" -}}
238163
{{- else -}}
239164
{{- print "pod-security.admission.config.k8s.io/v1" -}}

helmfile.d/upstream/bitnami/thanos/charts/common/templates/_errors.tpl

Lines changed: 12 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -38,6 +38,7 @@ Usage:
3838
{{- define "common.errors.insecureImages" -}}
3939
{{- $relocatedImages := list -}}
4040
{{- $replacedImages := list -}}
41+
{{- $bitnamiLegacyImages := list -}}
4142
{{- $retaggedImages := list -}}
4243
{{- $globalRegistry := ((.context.Values.global).imageRegistry) -}}
4344
{{- $originalImages := .context.Chart.Annotations.images -}}
@@ -49,7 +50,10 @@ Usage:
4950
{{- if not (contains $registryName $originalImages) -}}
5051
{{- $relocatedImages = append $relocatedImages $fullImageName -}}
5152
{{- else if not (contains .repository $originalImages) -}}
52-
{{- $replacedImages = append $replacedImages $fullImageName -}}
53+
{{- $replacedImages = append $replacedImages $fullImageName -}}
54+
{{- if contains "docker.io/bitnamilegacy/" $fullImageNameNoTag -}}
55+
{{- $bitnamiLegacyImages = append $bitnamiLegacyImages $fullImageName -}}
56+
{{- end -}}
5357
{{- end -}}
5458
{{- end -}}
5559
{{- if not (contains (printf "%s:%s" .repository .tag) $originalImages) -}}
@@ -58,14 +62,17 @@ Usage:
5862
{{- end -}}
5963

6064
{{- if and (or (gt (len $relocatedImages) 0) (gt (len $replacedImages) 0)) (((.context.Values.global).security).allowInsecureImages) -}}
61-
{{- print "\n\n⚠ SECURITY WARNING: Verifying original container images was skipped. Please note this Helm chart was designed, tested, and validated on multiple platforms using a specific set of Bitnami and Tanzu Application Catalog containers. Substituting other containers is likely to cause degraded security and performance, broken chart features, and missing environment variables.\n" -}}
65+
{{- print "\n\n⚠ SECURITY WARNING: Verifying original container images was skipped. Please note this Helm chart was designed, tested, and validated on multiple platforms using a specific set of Bitnami and Bitnami Secure Images containers. Substituting other containers is likely to cause degraded security and performance, broken chart features, and missing environment variables.\n" -}}
6266
{{- else if (or (gt (len $relocatedImages) 0) (gt (len $replacedImages) 0)) -}}
6367
{{- $errorString := "Original containers have been substituted for unrecognized ones. Deploying this chart with non-standard containers is likely to cause degraded security and performance, broken chart features, and missing environment variables." -}}
6468
{{- $errorString = print $errorString "\n\nUnrecognized images:" -}}
6569
{{- range (concat $relocatedImages $replacedImages) -}}
6670
{{- $errorString = print $errorString "\n - " . -}}
6771
{{- end -}}
68-
{{- if or (contains "docker.io/bitnami/" $originalImages) (contains "docker.io/bitnamiprem/" $originalImages) -}}
72+
{{- if and (eq (len $relocatedImages) 0) (eq (len $replacedImages) (len $bitnamiLegacyImages)) -}}
73+
{{- $errorString = print "\n\n⚠ WARNING: " $errorString -}}
74+
{{- print $errorString -}}
75+
{{- else if or (contains "docker.io/bitnami/" $originalImages) (contains "docker.io/bitnamiprem/" $originalImages) (contains "docker.io/bitnamisecure/" $originalImages) -}}
6976
{{- $errorString = print "\n\n⚠ ERROR: " $errorString -}}
7077
{{- $errorString = print $errorString "\n\nIf you are sure you want to proceed with non-standard containers, you can skip container image verification by setting the global parameter 'global.security.allowInsecureImages' to true." -}}
7178
{{- $errorString = print $errorString "\nFurther information can be obtained at https://github.com/bitnami/charts/issues/30850" -}}
@@ -75,11 +82,11 @@ Usage:
7582
{{- print $errorString -}}
7683
{{- end -}}
7784
{{- else if gt (len $retaggedImages) 0 -}}
78-
{{- $warnString := "\n\n⚠ WARNING: Original containers have been retagged. Please note this Helm chart was tested, and validated on multiple platforms using a specific set of Tanzu Application Catalog containers. Substituting original image tags could cause unexpected behavior." -}}
85+
{{- $warnString := "\n\n⚠ WARNING: Original containers have been retagged. Please note this Helm chart was tested, and validated on multiple platforms using a specific set of Bitnami and Bitnami Secure Images containers. Substituting original image tags could cause unexpected behavior." -}}
7986
{{- $warnString = print $warnString "\n\nRetagged images:" -}}
8087
{{- range $retaggedImages -}}
8188
{{- $warnString = print $warnString "\n - " . -}}
8289
{{- end -}}
8390
{{- print $warnString -}}
8491
{{- end -}}
85-
{{- end -}}
92+
{{- end -}}

0 commit comments

Comments
 (0)