truecharts.local
/
catalog
mirror of https://github.com/truecharts/catalog.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Daily Prune 

Signed-off-by: TrueCharts-Bot <bot@truecharts.org>
This commit is contained in:
TrueCharts-Bot 2022-04-01 07:01:11 +00:00
parent 717e9216ea
commit c0797f1e67
3484 changed files with 0 additions and 623319 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

99
core/k8s-gateway/4.0.44/CHANGELOG.md
View File

@ -1,99 +0,0 @@
# Changelog<br>
<a name="k8s-gateway-4.0.44"></a>
### [k8s-gateway-4.0.44](https://github.com/truecharts/apps/compare/k8s-gateway-4.0.43...k8s-gateway-4.0.44) (2022-03-02)
#### Chore
* update helm general non-major helm releases ([#1999](https://github.com/truecharts/apps/issues/1999))
<a name="k8s-gateway-4.0.43"></a>
### [k8s-gateway-4.0.43](https://github.com/truecharts/apps/compare/k8s-gateway-4.0.42...k8s-gateway-4.0.43) (2022-02-21)
#### Chore
* update helm general non-major helm releases ([#1927](https://github.com/truecharts/apps/issues/1927))
<a name="k8s-gateway-4.0.42"></a>
### [k8s-gateway-4.0.42](https://github.com/truecharts/apps/compare/k8s-gateway-4.0.41...k8s-gateway-4.0.42) (2022-02-15)
#### Chore
* update helm general non-major helm releases ([#1901](https://github.com/truecharts/apps/issues/1901))
<a name="k8s-gateway-4.0.41"></a>
### [k8s-gateway-4.0.41](https://github.com/truecharts/apps/compare/k8s-gateway-4.0.40...k8s-gateway-4.0.41) (2022-02-08)
#### Chore
* update helm general non-major helm releases ([#1871](https://github.com/truecharts/apps/issues/1871))
<a name="k8s-gateway-4.0.40"></a>
### [k8s-gateway-4.0.40](https://github.com/truecharts/apps/compare/k8s-gateway-4.0.39...k8s-gateway-4.0.40) (2022-02-06)
#### Chore
* update helm chart common to v8.15.0 ([#1859](https://github.com/truecharts/apps/issues/1859))
<a name="k8s-gateway-4.0.39"></a>
### [k8s-gateway-4.0.39](https://github.com/truecharts/apps/compare/k8s-gateway-4.0.38...k8s-gateway-4.0.39) (2022-02-05)
#### Chore
* update helm general non-major helm releases ([#1852](https://github.com/truecharts/apps/issues/1852))
<a name="k8s-gateway-4.0.38"></a>
### [k8s-gateway-4.0.38](https://github.com/truecharts/apps/compare/k8s-gateway-4.0.37...k8s-gateway-4.0.38) (2022-02-02)
#### Chore
* update helm general non-major helm releases ([#1828](https://github.com/truecharts/apps/issues/1828))
<a name="k8s-gateway-4.0.37"></a>
### [k8s-gateway-4.0.37](https://github.com/truecharts/apps/compare/k8s-gateway-4.0.36...k8s-gateway-4.0.37) (2022-01-25)
#### Chore
* update helm general non-major helm releases ([#1791](https://github.com/truecharts/apps/issues/1791))
<a name="k8s-gateway-4.0.36"></a>
### [k8s-gateway-4.0.36](https://github.com/truecharts/apps/compare/k8s-gateway-4.0.35...k8s-gateway-4.0.36) (2022-01-24)
#### Chore
* update docker general non-major ([#1786](https://github.com/truecharts/apps/issues/1786))
<a name="k8s-gateway-4.0.35"></a>
### [k8s-gateway-4.0.35](https://github.com/truecharts/apps/compare/k8s-gateway-4.0.34...k8s-gateway-4.0.35) (2022-01-22)
#### Chore
* update helm general non-major helm releases ([#1766](https://github.com/truecharts/apps/issues/1766))
<a name="k8s-gateway-4.0.34"></a>
### [k8s-gateway-4.0.34](https://github.com/truecharts/apps/compare/k8s-gateway-4.0.33...k8s-gateway-4.0.34) (2022-01-21)
#### Chore
* update helm general non-major helm releases ([#1759](https://github.com/truecharts/apps/issues/1759))

8
core/k8s-gateway/4.0.44/CONFIG.md
View File

@ -1,8 +0,0 @@
# Configuration Options
##### Connecting to other apps
If you need to connect this App to other Apps on TrueNAS SCALE, please refer to our "Linking Apps Internally" quick-start guide:
https://truecharts.org/manual/Quick-Start%20Guides/14-linking-apps/
##### Available config options
In the future this page is going to contain an automated list of options available in the installation/edit UI.

6
core/k8s-gateway/4.0.44/Chart.lock
View File

@ -1,6 +0,0 @@
dependencies:
- name: common
repository: https://truecharts.org
version: 8.17.2
digest: sha256:ec244e1ae6bbf6b235c250bfb74967efb1622373c757cabdcc844d3b21590316
generated: "2022-03-02T11:42:27.946049315Z"

28
core/k8s-gateway/4.0.44/Chart.yaml
View File

@ -1,28 +0,0 @@
apiVersion: v2
appVersion: "0.2.2"
dependencies:
- name: common
repository: https://truecharts.org
version: 8.17.2
deprecated: false
description: A Helm chart for the k8s_gateway CoreDNS plugin
home: https://github.com/truecharts/apps/tree/master/charts/stable/k8s-gateway
icon: https://truecharts.org/_static/img/appicons/k8s-gateway-icon.png
keywords:
- DNS
- networking
kubeVersion: '>=1.16.0-0'
maintainers:
- email: info@truecharts.org
name: TrueCharts
url: https://truecharts.org
name: k8s-gateway
sources:
- https://github.com/ori-edge/k8s_gateway
type: application
version: 4.0.44
annotations:
truecharts.org/catagories: |
- networking
truecharts.org/SCALE-support: "true"
truecharts.org/grade: U

37
core/k8s-gateway/4.0.44/README.md
View File

@ -1,37 +0,0 @@
# Introduction
A Helm chart for the k8s_gateway CoreDNS plugin
TrueCharts are designed to be installed as TrueNAS SCALE app only. We can not guarantee this charts works as a stand-alone helm installation.
**This chart is not maintained by the upstream project and any issues with the chart should be raised [here](https://github.com/truecharts/apps/issues/new/choose)**
## Source Code
* <https://github.com/ori-edge/k8s_gateway>
## Requirements
Kubernetes: `>=1.16.0-0`
## Dependencies
| Repository | Name | Version |
|------------|------|---------|
| https://truecharts.org | common | 8.17.2 |
## Installing the Chart
To install this App on TrueNAS SCALE check our [Quick-Start Guide](https://truecharts.org/manual/Quick-Start%20Guides/03-Installing-an-App/).
## Uninstalling the Chart
To remove this App from TrueNAS SCALE check our [Quick-Start Guide](https://truecharts.org/manual/Quick-Start%20Guides/07-Deleting-an-App/).
## Support
- Please check our [quick-start guides](https://truecharts.org/manual/Quick-Start%20Guides/01-Open-Apps/) first.
- See the [Wiki](https://truecharts.org)
- Check our [Discord](https://discord.gg/tVsPTHWTtr)
- Open a [issue](https://github.com/truecharts/apps/issues/new/choose)
---
All Rights Reserved - The TrueCharts Project

3
core/k8s-gateway/4.0.44/app-readme.md
View File

@ -1,3 +0,0 @@
A Helm chart for the k8s_gateway CoreDNS plugin
This App is supplied by TrueCharts, for more information please visit https://truecharts.org

BIN
core/k8s-gateway/4.0.44/charts/common-8.17.2.tgz
View File

Binary file not shown.

66
core/k8s-gateway/4.0.44/helm-values.md
View File

@ -1,66 +0,0 @@
# Default Helm-Values
TrueCharts is primarily build to supply TrueNAS SCALE Apps.
However, we also supply all Apps as standard Helm-Charts. In this document we aim to document the default values in our values.yaml file.
Most of our Apps also consume our "common" Helm Chart.
If this is the case, this means that all values.yaml values are set to the common chart values.yaml by default. This values.yaml file will only contain values that deviate from the common chart.
You will, however, be able to use all values referenced in the common chart here, besides the values listed in this document.
## Values
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| apex | string | `""` | Override the default `serviceName.namespace` domain apex |
| args[0] | string | `"-conf"` | |
| args[1] | string | `"/etc/coredns/Corefile"` | |
| domains | list | `[{"dnsChallenge":{"domain":"dns01.clouddns.com","enabled":false},"domain":"example.com"}]` | list of processed domains |
| domains[0] | object | `{"dnsChallenge":{"domain":"dns01.clouddns.com","enabled":false},"domain":"example.com"}` | Delegated domain |
| domains[0].dnsChallenge | object | `{"domain":"dns01.clouddns.com","enabled":false}` | Optional configuration option for DNS01 challenge that will redirect all acme challenge requests to external cloud domain (e.g. managed by cert-manager) See: https://cert-manager.io/docs/configuration/acme/dns01/ |
| forward.enabled | bool | `true` | |
| forward.options[0].name | string | `"tls_servername"` | |
| forward.options[0].value | string | `"cloudflare-dns.com"` | |
| forward.primary | string | `"tls://1.1.1.1"` | |
| forward.secondary | string | `"tls://1.0.0.1"` | |
| image.pullPolicy | string | `"IfNotPresent"` | |
| image.repository | string | `"tccr.io/truecharts/k8s_gateway"` | |
| image.tag | string | `"v0.2.2@sha256:008cb572d83e84c74c554bf6e29614aee42d057f3e1fb09c37ec7ca1bc3ec7fd"` | |
| podSecurityContext.runAsGroup | int | `0` | |
| podSecurityContext.runAsUser | int | `0` | |
| probes.liveness.custom | bool | `true` | |
| probes.liveness.spec.failureThreshold | int | `5` | |
| probes.liveness.spec.httpGet.path | string | `"/health"` | |
| probes.liveness.spec.httpGet.port | int | `8080` | |
| probes.liveness.spec.httpGet.scheme | string | `"HTTP"` | |
| probes.liveness.spec.initialDelaySeconds | int | `60` | |
| probes.liveness.spec.successThreshold | int | `1` | |
| probes.liveness.spec.timeoutSeconds | int | `5` | |
| probes.readiness.custom | bool | `true` | |
| probes.readiness.spec.failureThreshold | int | `5` | |
| probes.readiness.spec.httpGet.path | string | `"/ready"` | |
| probes.readiness.spec.httpGet.port | int | `8181` | |
| probes.readiness.spec.httpGet.scheme | string | `"HTTP"` | |
| probes.readiness.spec.initialDelaySeconds | int | `10` | |
| probes.readiness.spec.successThreshold | int | `1` | |
| probes.readiness.spec.timeoutSeconds | int | `5` | |
| probes.startup.custom | bool | `true` | |
| probes.startup.spec.failureThreshold | int | `60` | |
| probes.startup.spec.httpGet.path | string | `"/ready"` | |
| probes.startup.spec.httpGet.port | int | `8181` | |
| probes.startup.spec.httpGet.scheme | string | `"HTTP"` | |
| probes.startup.spec.initialDelaySeconds | int | `3` | |
| probes.startup.spec.periodSeconds | int | `5` | |
| probes.startup.spec.timeoutSeconds | int | `2` | |
| rbac | object | See below | Create a ClusterRole and ClusterRoleBinding |
| rbac.enabled | bool | `true` | Enables or disables the ClusterRole and ClusterRoleBinding |
| rbac.rules | list | `[{"apiGroups":[""],"resources":["services","namespaces"],"verbs":["list","watch"]},{"apiGroups":["extensions","networking.k8s.io"],"resources":["ingresses"],"verbs":["list","watch"]}]` | Set Rules on the ClusterRole |
| secondary | string | `""` | Service name of a secondary DNS server (should be `serviceName.namespace`) |
| securityContext.runAsNonRoot | bool | `false` | |
| service.main.ports.main.port | int | `53` | |
| service.main.ports.main.protocol | string | `"UDP"` | |
| service.main.ports.main.targetPort | int | `53` | |
| serviceAccount.create | bool | `true` | Specifies whether a service account should be created |
| ttl | int | `300` | TTL for non-apex responses (in seconds) |
| watchedResources | list | `[]` | Limit what kind of resources to watch, e.g. watchedResources: ["Ingress"] |
All Rights Reserved - The TrueCharts Project

118
core/k8s-gateway/4.0.44/ix_values.yaml
View File

@ -1,118 +0,0 @@
image:
repository: tccr.io/truecharts/k8s_gateway
pullPolicy: IfNotPresent
tag: v0.2.2@sha256:008cb572d83e84c74c554bf6e29614aee42d057f3e1fb09c37ec7ca1bc3ec7fd
securityContext:
runAsNonRoot: false
podSecurityContext:
runAsUser: 0
runAsGroup: 0
args: ["-conf", "/etc/coredns/Corefile"]
# -- TTL for non-apex responses (in seconds)
ttl: 300
# -- Limit what kind of resources to watch, e.g. watchedResources: ["Ingress"]
watchedResources: []
# -- Service name of a secondary DNS server (should be `serviceName.namespace`)
secondary: ""
# -- Override the default `serviceName.namespace` domain apex
apex: ""
# -- list of processed domains
domains:
# -- Delegated domain
- domain: "example.com"
# -- Optional configuration option for DNS01 challenge that will redirect all acme
# challenge requests to external cloud domain (e.g. managed by cert-manager)
# See: https://cert-manager.io/docs/configuration/acme/dns01/
dnsChallenge:
enabled: false
domain: dns01.clouddns.com
forward:
enabled: true
primary: tls://1.1.1.1
secondary: tls://1.0.0.1
options:
- name: tls_servername
value: cloudflare-dns.com
serviceAccount:
# -- Specifies whether a service account should be created
create: true
# -- Create a ClusterRole and ClusterRoleBinding
# @default -- See below
rbac:
# -- Enables or disables the ClusterRole and ClusterRoleBinding
enabled: true
# -- Set Rules on the ClusterRole
rules:
- apiGroups:
- ""
resources:
- services
- namespaces
verbs:
- list
- watch
- apiGroups:
- extensions
- networking.k8s.io
resources:
- ingresses
verbs:
- list
- watch
service:
main:
ports:
main:
protocol: UDP
port: 53
targetPort: 53
probes:
liveness:
custom: true
spec:
httpGet:
path: /health
port: 8080
scheme: HTTP
initialDelaySeconds: 60
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 5
readiness:
custom: true
spec:
httpGet:
path: /ready
port: 8181
scheme: HTTP
initialDelaySeconds: 10
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 5
startup:
custom: true
spec:
httpGet:
path: /ready
port: 8181
scheme: HTTP
initialDelaySeconds: 3
timeoutSeconds: 2
periodSeconds: 5
failureThreshold: 60

1952
core/k8s-gateway/4.0.44/questions.yaml
View File

File diff suppressed because it is too large Load Diff

126
core/k8s-gateway/4.0.44/security.md
View File

@ -1,126 +0,0 @@
---
hide:
- toc
---
# Security Overview
<link href="https://truecharts.org/_static/trivy.css" type="text/css" rel="stylesheet" />
## Helm-Chart
##### Scan Results
#### Chart Object: k8s-gateway/templates/common.yaml
| Type | Misconfiguration ID | Check | Severity | Explaination | Links |
|:----------------|:------------------:|:-----------:|:------------------:|-----------------------------------------|-----------------------------------------|
| Kubernetes Security Check | KSV001 | Process can elevate its own privileges | MEDIUM | <details><summary>Expand...</summary> A program inside the container can elevate its own privileges and run as root, which might give the program control over the container and node. <br> <hr> <br> Container &#39;hostpatch&#39; of Deployment &#39;RELEASE-NAME-k8s-gateway&#39; should set &#39;securityContext.allowPrivilegeEscalation&#39; to false </details>| <details><summary>Expand...</summary><a href="https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted">https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted</a><br><a href="https://avd.aquasec.com/appshield/ksv001">https://avd.aquasec.com/appshield/ksv001</a><br></details> |
| Kubernetes Security Check | KSV003 | Default capabilities not dropped | LOW | <details><summary>Expand...</summary> The container should drop all default capabilities and add only those that are needed for its execution. <br> <hr> <br> Container &#39;RELEASE-NAME-k8s-gateway&#39; of Deployment &#39;RELEASE-NAME-k8s-gateway&#39; should add &#39;ALL&#39; to &#39;securityContext.capabilities.drop&#39; </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-capabilities-drop-index-all/">https://kubesec.io/basics/containers-securitycontext-capabilities-drop-index-all/</a><br><a href="https://avd.aquasec.com/appshield/ksv003">https://avd.aquasec.com/appshield/ksv003</a><br></details> |
| Kubernetes Security Check | KSV003 | Default capabilities not dropped | LOW | <details><summary>Expand...</summary> The container should drop all default capabilities and add only those that are needed for its execution. <br> <hr> <br> Container &#39;hostpatch&#39; of Deployment &#39;RELEASE-NAME-k8s-gateway&#39; should add &#39;ALL&#39; to &#39;securityContext.capabilities.drop&#39; </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-capabilities-drop-index-all/">https://kubesec.io/basics/containers-securitycontext-capabilities-drop-index-all/</a><br><a href="https://avd.aquasec.com/appshield/ksv003">https://avd.aquasec.com/appshield/ksv003</a><br></details> |
| Kubernetes Security Check | KSV011 | CPU not limited | LOW | <details><summary>Expand...</summary> Enforcing CPU limits prevents DoS via resource exhaustion. <br> <hr> <br> Container &#39;hostpatch&#39; of Deployment &#39;RELEASE-NAME-k8s-gateway&#39; should set &#39;resources.limits.cpu&#39; </details>| <details><summary>Expand...</summary><a href="https://cloud.google.com/blog/products/containers-kubernetes/kubernetes-best-practices-resource-requests-and-limits">https://cloud.google.com/blog/products/containers-kubernetes/kubernetes-best-practices-resource-requests-and-limits</a><br><a href="https://avd.aquasec.com/appshield/ksv011">https://avd.aquasec.com/appshield/ksv011</a><br></details> |
| Kubernetes Security Check | KSV012 | Runs as root user | MEDIUM | <details><summary>Expand...</summary> &#39;runAsNonRoot&#39; forces the running image to run as a non-root user to ensure least privileges. <br> <hr> <br> Container &#39;RELEASE-NAME-k8s-gateway&#39; of Deployment &#39;RELEASE-NAME-k8s-gateway&#39; should set &#39;securityContext.runAsNonRoot&#39; to true </details>| <details><summary>Expand...</summary><a href="https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted">https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted</a><br><a href="https://avd.aquasec.com/appshield/ksv012">https://avd.aquasec.com/appshield/ksv012</a><br></details> |
| Kubernetes Security Check | KSV012 | Runs as root user | MEDIUM | <details><summary>Expand...</summary> &#39;runAsNonRoot&#39; forces the running image to run as a non-root user to ensure least privileges. <br> <hr> <br> Container &#39;autopermissions&#39; of Deployment &#39;RELEASE-NAME-k8s-gateway&#39; should set &#39;securityContext.runAsNonRoot&#39; to true </details>| <details><summary>Expand...</summary><a href="https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted">https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted</a><br><a href="https://avd.aquasec.com/appshield/ksv012">https://avd.aquasec.com/appshield/ksv012</a><br></details> |
| Kubernetes Security Check | KSV012 | Runs as root user | MEDIUM | <details><summary>Expand...</summary> &#39;runAsNonRoot&#39; forces the running image to run as a non-root user to ensure least privileges. <br> <hr> <br> Container &#39;hostpatch&#39; of Deployment &#39;RELEASE-NAME-k8s-gateway&#39; should set &#39;securityContext.runAsNonRoot&#39; to true </details>| <details><summary>Expand...</summary><a href="https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted">https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted</a><br><a href="https://avd.aquasec.com/appshield/ksv012">https://avd.aquasec.com/appshield/ksv012</a><br></details> |
| Kubernetes Security Check | KSV014 | Root file system is not read-only | LOW | <details><summary>Expand...</summary> An immutable root file system prevents applications from writing to their local disk. This can limit intrusions, as attackers will not be able to tamper with the file system or write foreign executables to disk. <br> <hr> <br> Container &#39;autopermissions&#39; of Deployment &#39;RELEASE-NAME-k8s-gateway&#39; should set &#39;securityContext.readOnlyRootFilesystem&#39; to true </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/">https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/</a><br><a href="https://avd.aquasec.com/appshield/ksv014">https://avd.aquasec.com/appshield/ksv014</a><br></details> |
| Kubernetes Security Check | KSV014 | Root file system is not read-only | LOW | <details><summary>Expand...</summary> An immutable root file system prevents applications from writing to their local disk. This can limit intrusions, as attackers will not be able to tamper with the file system or write foreign executables to disk. <br> <hr> <br> Container &#39;hostpatch&#39; of Deployment &#39;RELEASE-NAME-k8s-gateway&#39; should set &#39;securityContext.readOnlyRootFilesystem&#39; to true </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/">https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/</a><br><a href="https://avd.aquasec.com/appshield/ksv014">https://avd.aquasec.com/appshield/ksv014</a><br></details> |
| Kubernetes Security Check | KSV015 | CPU requests not specified | LOW | <details><summary>Expand...</summary> When containers have resource requests specified, the scheduler can make better decisions about which nodes to place pods on, and how to deal with resource contention. <br> <hr> <br> Container &#39;hostpatch&#39; of Deployment &#39;RELEASE-NAME-k8s-gateway&#39; should set &#39;resources.requests.cpu&#39; </details>| <details><summary>Expand...</summary><a href="https://cloud.google.com/blog/products/containers-kubernetes/kubernetes-best-practices-resource-requests-and-limits">https://cloud.google.com/blog/products/containers-kubernetes/kubernetes-best-practices-resource-requests-and-limits</a><br><a href="https://avd.aquasec.com/appshield/ksv015">https://avd.aquasec.com/appshield/ksv015</a><br></details> |
| Kubernetes Security Check | KSV016 | Memory requests not specified | LOW | <details><summary>Expand...</summary> When containers have memory requests specified, the scheduler can make better decisions about which nodes to place pods on, and how to deal with resource contention. <br> <hr> <br> Container &#39;hostpatch&#39; of Deployment &#39;RELEASE-NAME-k8s-gateway&#39; should set &#39;resources.requests.memory&#39; </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-resources-limits-memory/">https://kubesec.io/basics/containers-resources-limits-memory/</a><br><a href="https://avd.aquasec.com/appshield/ksv016">https://avd.aquasec.com/appshield/ksv016</a><br></details> |
| Kubernetes Security Check | KSV017 | Privileged container | HIGH | <details><summary>Expand...</summary> Privileged containers share namespaces with the host system and do not offer any security. They should be used exclusively for system containers that require high privileges. <br> <hr> <br> Container &#39;hostpatch&#39; of Deployment &#39;RELEASE-NAME-k8s-gateway&#39; should set &#39;securityContext.privileged&#39; to false </details>| <details><summary>Expand...</summary><a href="https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline">https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline</a><br><a href="https://avd.aquasec.com/appshield/ksv017">https://avd.aquasec.com/appshield/ksv017</a><br></details> |
| Kubernetes Security Check | KSV018 | Memory not limited | LOW | <details><summary>Expand...</summary> Enforcing memory limits prevents DoS via resource exhaustion. <br> <hr> <br> Container &#39;hostpatch&#39; of Deployment &#39;RELEASE-NAME-k8s-gateway&#39; should set &#39;resources.limits.memory&#39; </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-resources-limits-memory/">https://kubesec.io/basics/containers-resources-limits-memory/</a><br><a href="https://avd.aquasec.com/appshield/ksv018">https://avd.aquasec.com/appshield/ksv018</a><br></details> |
| Kubernetes Security Check | KSV020 | Runs with low user ID | MEDIUM | <details><summary>Expand...</summary> Force the container to run with user ID &gt; 10000 to avoid conflicts with the hosts user table. <br> <hr> <br> Container &#39;RELEASE-NAME-k8s-gateway&#39; of Deployment &#39;RELEASE-NAME-k8s-gateway&#39; should set &#39;securityContext.runAsUser&#39; &gt; 10000 </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-runasuser/">https://kubesec.io/basics/containers-securitycontext-runasuser/</a><br><a href="https://avd.aquasec.com/appshield/ksv020">https://avd.aquasec.com/appshield/ksv020</a><br></details> |
| Kubernetes Security Check | KSV020 | Runs with low user ID | MEDIUM | <details><summary>Expand...</summary> Force the container to run with user ID &gt; 10000 to avoid conflicts with the hosts user table. <br> <hr> <br> Container &#39;autopermissions&#39; of Deployment &#39;RELEASE-NAME-k8s-gateway&#39; should set &#39;securityContext.runAsUser&#39; &gt; 10000 </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-runasuser/">https://kubesec.io/basics/containers-securitycontext-runasuser/</a><br><a href="https://avd.aquasec.com/appshield/ksv020">https://avd.aquasec.com/appshield/ksv020</a><br></details> |
| Kubernetes Security Check | KSV020 | Runs with low user ID | MEDIUM | <details><summary>Expand...</summary> Force the container to run with user ID &gt; 10000 to avoid conflicts with the hosts user table. <br> <hr> <br> Container &#39;hostpatch&#39; of Deployment &#39;RELEASE-NAME-k8s-gateway&#39; should set &#39;securityContext.runAsUser&#39; &gt; 10000 </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-runasuser/">https://kubesec.io/basics/containers-securitycontext-runasuser/</a><br><a href="https://avd.aquasec.com/appshield/ksv020">https://avd.aquasec.com/appshield/ksv020</a><br></details> |
| Kubernetes Security Check | KSV021 | Runs with low group ID | MEDIUM | <details><summary>Expand...</summary> Force the container to run with group ID &gt; 10000 to avoid conflicts with the hosts user table. <br> <hr> <br> Container &#39;RELEASE-NAME-k8s-gateway&#39; of Deployment &#39;RELEASE-NAME-k8s-gateway&#39; should set &#39;securityContext.runAsGroup&#39; &gt; 10000 </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-runasuser/">https://kubesec.io/basics/containers-securitycontext-runasuser/</a><br><a href="https://avd.aquasec.com/appshield/ksv021">https://avd.aquasec.com/appshield/ksv021</a><br></details> |
| Kubernetes Security Check | KSV021 | Runs with low group ID | MEDIUM | <details><summary>Expand...</summary> Force the container to run with group ID &gt; 10000 to avoid conflicts with the hosts user table. <br> <hr> <br> Container &#39;autopermissions&#39; of Deployment &#39;RELEASE-NAME-k8s-gateway&#39; should set &#39;securityContext.runAsGroup&#39; &gt; 10000 </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-runasuser/">https://kubesec.io/basics/containers-securitycontext-runasuser/</a><br><a href="https://avd.aquasec.com/appshield/ksv021">https://avd.aquasec.com/appshield/ksv021</a><br></details> |
| Kubernetes Security Check | KSV021 | Runs with low group ID | MEDIUM | <details><summary>Expand...</summary> Force the container to run with group ID &gt; 10000 to avoid conflicts with the hosts user table. <br> <hr> <br> Container &#39;hostpatch&#39; of Deployment &#39;RELEASE-NAME-k8s-gateway&#39; should set &#39;securityContext.runAsGroup&#39; &gt; 10000 </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-runasuser/">https://kubesec.io/basics/containers-securitycontext-runasuser/</a><br><a href="https://avd.aquasec.com/appshield/ksv021">https://avd.aquasec.com/appshield/ksv021</a><br></details> |
| Kubernetes Security Check | KSV023 | hostPath volumes mounted | MEDIUM | <details><summary>Expand...</summary> HostPath volumes must be forbidden. <br> <hr> <br> Deployment &#39;RELEASE-NAME-k8s-gateway&#39; should not set &#39;spec.template.volumes.hostPath&#39; </details>| <details><summary>Expand...</summary><a href="https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline">https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline</a><br><a href="https://avd.aquasec.com/appshield/ksv023">https://avd.aquasec.com/appshield/ksv023</a><br></details> |
| Kubernetes Security Check | KSV029 | A root primary or supplementary GID set | LOW | <details><summary>Expand...</summary> Containers should be forbidden from running with a root primary or supplementary GID. <br> <hr> <br> Deployment &#39;RELEASE-NAME-k8s-gateway&#39; should set &#39;spec.securityContext.runAsGroup&#39;, &#39;spec.securityContext.supplementalGroups[*]&#39; and &#39;spec.securityContext.fsGroup&#39; to integer greater than 0 </details>| <details><summary>Expand...</summary><a href="https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted">https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted</a><br><a href="https://avd.aquasec.com/appshield/ksv029">https://avd.aquasec.com/appshield/ksv029</a><br></details> |
## Containers
##### Detected Containers
tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c
tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c
tccr.io/truecharts/k8s_gateway:v0.2.2@sha256:008cb572d83e84c74c554bf6e29614aee42d057f3e1fb09c37ec7ca1bc3ec7fd
##### Scan Results
#### Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2)
**alpine**
| Package | Vulnerability | Severity | Installed Version | Fixed Version | Links |
|:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------|
| busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378</a><br><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br><a href="https://security.netapp.com/advisory/ntap-20211223-0002/">https://security.netapp.com/advisory/ntap-20211223-0002/</a><br><a href="https://ubuntu.com/security/notices/USN-5179-1">https://ubuntu.com/security/notices/USN-5179-1</a><br></details> |
| busybox | CVE-2021-42379 | HIGH | 1.33.1-r3 | 1.33.1-r6 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42379">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42379</a><br><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br><a href="https://security.netapp.com/advisory/ntap-20211223-0002/">https://security.netapp.com/advisory/ntap-20211223-0002/</a><br><a href="https://ubuntu.com/security/notices/USN-5179-1">https://ubuntu.com/security/notices/USN-5179-1</a><br></details> |
| busybox | CVE-2021-42380 | HIGH | 1.33.1-r3 | 1.33.1-r6 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42380">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42380</a><br><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br><a href="https://security.netapp.com/advisory/ntap-20211223-0002/">https://security.netapp.com/advisory/ntap-20211223-0002/</a><br><a href="https://ubuntu.com/security/notices/USN-5179-1">https://ubuntu.com/security/notices/USN-5179-1</a><br></details> |
| busybox | CVE-2021-42381 | HIGH | 1.33.1-r3 | 1.33.1-r6 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42381">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42381</a><br><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br><a href="https://security.netapp.com/advisory/ntap-20211223-0002/">https://security.netapp.com/advisory/ntap-20211223-0002/</a><br><a href="https://ubuntu.com/security/notices/USN-5179-1">https://ubuntu.com/security/notices/USN-5179-1</a><br></details> |
| busybox | CVE-2021-42382 | HIGH | 1.33.1-r3 | 1.33.1-r6 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42382">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42382</a><br><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br><a href="https://security.netapp.com/advisory/ntap-20211223-0002/">https://security.netapp.com/advisory/ntap-20211223-0002/</a><br><a href="https://ubuntu.com/security/notices/USN-5179-1">https://ubuntu.com/security/notices/USN-5179-1</a><br></details> |
| busybox | CVE-2021-42383 | HIGH | 1.33.1-r3 | 1.33.1-r6 | <details><summary>Expand...</summary><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br><a href="https://security.netapp.com/advisory/ntap-20211223-0002/">https://security.netapp.com/advisory/ntap-20211223-0002/</a><br></details> |
| busybox | CVE-2021-42384 | HIGH | 1.33.1-r3 | 1.33.1-r6 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42384">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42384</a><br><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br><a href="https://security.netapp.com/advisory/ntap-20211223-0002/">https://security.netapp.com/advisory/ntap-20211223-0002/</a><br><a href="https://ubuntu.com/security/notices/USN-5179-1">https://ubuntu.com/security/notices/USN-5179-1</a><br></details> |
| busybox | CVE-2021-42385 | HIGH | 1.33.1-r3 | 1.33.1-r6 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42385">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42385</a><br><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br><a href="https://security.netapp.com/advisory/ntap-20211223-0002/">https://security.netapp.com/advisory/ntap-20211223-0002/</a><br><a href="https://ubuntu.com/security/notices/USN-5179-1">https://ubuntu.com/security/notices/USN-5179-1</a><br></details> |
| busybox | CVE-2021-42386 | HIGH | 1.33.1-r3 | 1.33.1-r6 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42386">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42386</a><br><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br><a href="https://security.netapp.com/advisory/ntap-20211223-0002/">https://security.netapp.com/advisory/ntap-20211223-0002/</a><br><a href="https://ubuntu.com/security/notices/USN-5179-1">https://ubuntu.com/security/notices/USN-5179-1</a><br></details> |
| busybox | CVE-2021-42374 | MEDIUM | 1.33.1-r3 | 1.33.1-r4 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42374">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42374</a><br><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br><a href="https://security.netapp.com/advisory/ntap-20211223-0002/">https://security.netapp.com/advisory/ntap-20211223-0002/</a><br><a href="https://ubuntu.com/security/notices/USN-5179-1">https://ubuntu.com/security/notices/USN-5179-1</a><br></details> |
| busybox | CVE-2021-42375 | MEDIUM | 1.33.1-r3 | 1.33.1-r5 | <details><summary>Expand...</summary><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br><a href="https://security.netapp.com/advisory/ntap-20211223-0002/">https://security.netapp.com/advisory/ntap-20211223-0002/</a><br></details> |
| ssl_client | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378</a><br><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br><a href="https://security.netapp.com/advisory/ntap-20211223-0002/">https://security.netapp.com/advisory/ntap-20211223-0002/</a><br><a href="https://ubuntu.com/security/notices/USN-5179-1">https://ubuntu.com/security/notices/USN-5179-1</a><br></details> |
| ssl_client | CVE-2021-42379 | HIGH | 1.33.1-r3 | 1.33.1-r6 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42379">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42379</a><br><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br><a href="https://security.netapp.com/advisory/ntap-20211223-0002/">https://security.netapp.com/advisory/ntap-20211223-0002/</a><br><a href="https://ubuntu.com/security/notices/USN-5179-1">https://ubuntu.com/security/notices/USN-5179-1</a><br></details> |
| ssl_client | CVE-2021-42380 | HIGH | 1.33.1-r3 | 1.33.1-r6 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42380">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42380</a><br><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br><a href="https://security.netapp.com/advisory/ntap-20211223-0002/">https://security.netapp.com/advisory/ntap-20211223-0002/</a><br><a href="https://ubuntu.com/security/notices/USN-5179-1">https://ubuntu.com/security/notices/USN-5179-1</a><br></details> |
| ssl_client | CVE-2021-42381 | HIGH | 1.33.1-r3 | 1.33.1-r6 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42381">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42381</a><br><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br><a href="https://security.netapp.com/advisory/ntap-20211223-0002/">https://security.netapp.com/advisory/ntap-20211223-0002/</a><br><a href="https://ubuntu.com/security/notices/USN-5179-1">https://ubuntu.com/security/notices/USN-5179-1</a><br></details> |
| ssl_client | CVE-2021-42382 | HIGH | 1.33.1-r3 | 1.33.1-r6 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42382">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42382</a><br><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br><a href="https://security.netapp.com/advisory/ntap-20211223-0002/">https://security.netapp.com/advisory/ntap-20211223-0002/</a><br><a href="https://ubuntu.com/security/notices/USN-5179-1">https://ubuntu.com/security/notices/USN-5179-1</a><br></details> |
| ssl_client | CVE-2021-42383 | HIGH | 1.33.1-r3 | 1.33.1-r6 | <details><summary>Expand...</summary><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br><a href="https://security.netapp.com/advisory/ntap-20211223-0002/">https://security.netapp.com/advisory/ntap-20211223-0002/</a><br></details> |
| ssl_client | CVE-2021-42384 | HIGH | 1.33.1-r3 | 1.33.1-r6 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42384">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42384</a><br><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br><a href="https://security.netapp.com/advisory/ntap-20211223-0002/">https://security.netapp.com/advisory/ntap-20211223-0002/</a><br><a href="https://ubuntu.com/security/notices/USN-5179-1">https://ubuntu.com/security/notices/USN-5179-1</a><br></details> |
| ssl_client | CVE-2021-42385 | HIGH | 1.33.1-r3 | 1.33.1-r6 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42385">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42385</a><br><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br><a href="https://security.netapp.com/advisory/ntap-20211223-0002/">https://security.netapp.com/advisory/ntap-20211223-0002/</a><br><a href="https://ubuntu.com/security/notices/USN-5179-1">https://ubuntu.com/security/notices/USN-5179-1</a><br></details> |
| ssl_client | CVE-2021-42386 | HIGH | 1.33.1-r3 | 1.33.1-r6 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42386">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42386</a><br><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br><a href="https://security.netapp.com/advisory/ntap-20211223-0002/">https://security.netapp.com/advisory/ntap-20211223-0002/</a><br><a href="https://ubuntu.com/security/notices/USN-5179-1">https://ubuntu.com/security/notices/USN-5179-1</a><br></details> |
| ssl_client | CVE-2021-42374 | MEDIUM | 1.33.1-r3 | 1.33.1-r4 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42374">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42374</a><br><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br><a href="https://security.netapp.com/advisory/ntap-20211223-0002/">https://security.netapp.com/advisory/ntap-20211223-0002/</a><br><a href="https://ubuntu.com/security/notices/USN-5179-1">https://ubuntu.com/security/notices/USN-5179-1</a><br></details> |
| ssl_client | CVE-2021-42375 | MEDIUM | 1.33.1-r3 | 1.33.1-r5 | <details><summary>Expand...</summary><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br><a href="https://security.netapp.com/advisory/ntap-20211223-0002/">https://security.netapp.com/advisory/ntap-20211223-0002/</a><br></details> |
#### Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2)
**alpine**
| Package | Vulnerability | Severity | Installed Version | Fixed Version | Links |
|:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------|
| busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378</a><br><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br><a href="https://security.netapp.com/advisory/ntap-20211223-0002/">https://security.netapp.com/advisory/ntap-20211223-0002/</a><br><a href="https://ubuntu.com/security/notices/USN-5179-1">https://ubuntu.com/security/notices/USN-5179-1</a><br></details> |
| busybox | CVE-2021-42379 | HIGH | 1.33.1-r3 | 1.33.1-r6 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42379">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42379</a><br><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br><a href="https://security.netapp.com/advisory/ntap-20211223-0002/">https://security.netapp.com/advisory/ntap-20211223-0002/</a><br><a href="https://ubuntu.com/security/notices/USN-5179-1">https://ubuntu.com/security/notices/USN-5179-1</a><br></details> |
| busybox | CVE-2021-42380 | HIGH | 1.33.1-r3 | 1.33.1-r6 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42380">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42380</a><br><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br><a href="https://security.netapp.com/advisory/ntap-20211223-0002/">https://security.netapp.com/advisory/ntap-20211223-0002/</a><br><a href="https://ubuntu.com/security/notices/USN-5179-1">https://ubuntu.com/security/notices/USN-5179-1</a><br></details> |
| busybox | CVE-2021-42381 | HIGH | 1.33.1-r3 | 1.33.1-r6 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42381">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42381</a><br><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br><a href="https://security.netapp.com/advisory/ntap-20211223-0002/">https://security.netapp.com/advisory/ntap-20211223-0002/</a><br><a href="https://ubuntu.com/security/notices/USN-5179-1">https://ubuntu.com/security/notices/USN-5179-1</a><br></details> |
| busybox | CVE-2021-42382 | HIGH | 1.33.1-r3 | 1.33.1-r6 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42382">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42382</a><br><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br><a href="https://security.netapp.com/advisory/ntap-20211223-0002/">https://security.netapp.com/advisory/ntap-20211223-0002/</a><br><a href="https://ubuntu.com/security/notices/USN-5179-1">https://ubuntu.com/security/notices/USN-5179-1</a><br></details> |
| busybox | CVE-2021-42383 | HIGH | 1.33.1-r3 | 1.33.1-r6 | <details><summary>Expand...</summary><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br><a href="https://security.netapp.com/advisory/ntap-20211223-0002/">https://security.netapp.com/advisory/ntap-20211223-0002/</a><br></details> |
| busybox | CVE-2021-42384 | HIGH | 1.33.1-r3 | 1.33.1-r6 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42384">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42384</a><br><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br><a href="https://security.netapp.com/advisory/ntap-20211223-0002/">https://security.netapp.com/advisory/ntap-20211223-0002/</a><br><a href="https://ubuntu.com/security/notices/USN-5179-1">https://ubuntu.com/security/notices/USN-5179-1</a><br></details> |
| busybox | CVE-2021-42385 | HIGH | 1.33.1-r3 | 1.33.1-r6 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42385">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42385</a><br><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br><a href="https://security.netapp.com/advisory/ntap-20211223-0002/">https://security.netapp.com/advisory/ntap-20211223-0002/</a><br><a href="https://ubuntu.com/security/notices/USN-5179-1">https://ubuntu.com/security/notices/USN-5179-1</a><br></details> |
| busybox | CVE-2021-42386 | HIGH | 1.33.1-r3 | 1.33.1-r6 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42386">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42386</a><br><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br><a href="https://security.netapp.com/advisory/ntap-20211223-0002/">https://security.netapp.com/advisory/ntap-20211223-0002/</a><br><a href="https://ubuntu.com/security/notices/USN-5179-1">https://ubuntu.com/security/notices/USN-5179-1</a><br></details> |
| busybox | CVE-2021-42374 | MEDIUM | 1.33.1-r3 | 1.33.1-r4 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42374">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42374</a><br><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br><a href="https://security.netapp.com/advisory/ntap-20211223-0002/">https://security.netapp.com/advisory/ntap-20211223-0002/</a><br><a href="https://ubuntu.com/security/notices/USN-5179-1">https://ubuntu.com/security/notices/USN-5179-1</a><br></details> |
| busybox | CVE-2021-42375 | MEDIUM | 1.33.1-r3 | 1.33.1-r5 | <details><summary>Expand...</summary><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br><a href="https://security.netapp.com/advisory/ntap-20211223-0002/">https://security.netapp.com/advisory/ntap-20211223-0002/</a><br></details> |
| ssl_client | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378</a><br><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br><a href="https://security.netapp.com/advisory/ntap-20211223-0002/">https://security.netapp.com/advisory/ntap-20211223-0002/</a><br><a href="https://ubuntu.com/security/notices/USN-5179-1">https://ubuntu.com/security/notices/USN-5179-1</a><br></details> |
| ssl_client | CVE-2021-42379 | HIGH | 1.33.1-r3 | 1.33.1-r6 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42379">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42379</a><br><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br><a href="https://security.netapp.com/advisory/ntap-20211223-0002/">https://security.netapp.com/advisory/ntap-20211223-0002/</a><br><a href="https://ubuntu.com/security/notices/USN-5179-1">https://ubuntu.com/security/notices/USN-5179-1</a><br></details> |
| ssl_client | CVE-2021-42380 | HIGH | 1.33.1-r3 | 1.33.1-r6 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42380">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42380</a><br><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br><a href="https://security.netapp.com/advisory/ntap-20211223-0002/">https://security.netapp.com/advisory/ntap-20211223-0002/</a><br><a href="https://ubuntu.com/security/notices/USN-5179-1">https://ubuntu.com/security/notices/USN-5179-1</a><br></details> |
| ssl_client | CVE-2021-42381 | HIGH | 1.33.1-r3 | 1.33.1-r6 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42381">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42381</a><br><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br><a href="https://security.netapp.com/advisory/ntap-20211223-0002/">https://security.netapp.com/advisory/ntap-20211223-0002/</a><br><a href="https://ubuntu.com/security/notices/USN-5179-1">https://ubuntu.com/security/notices/USN-5179-1</a><br></details> |
| ssl_client | CVE-2021-42382 | HIGH | 1.33.1-r3 | 1.33.1-r6 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42382">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42382</a><br><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br><a href="https://security.netapp.com/advisory/ntap-20211223-0002/">https://security.netapp.com/advisory/ntap-20211223-0002/</a><br><a href="https://ubuntu.com/security/notices/USN-5179-1">https://ubuntu.com/security/notices/USN-5179-1</a><br></details> |
| ssl_client | CVE-2021-42383 | HIGH | 1.33.1-r3 | 1.33.1-r6 | <details><summary>Expand...</summary><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br><a href="https://security.netapp.com/advisory/ntap-20211223-0002/">https://security.netapp.com/advisory/ntap-20211223-0002/</a><br></details> |
| ssl_client | CVE-2021-42384 | HIGH | 1.33.1-r3 | 1.33.1-r6 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42384">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42384</a><br><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br><a href="https://security.netapp.com/advisory/ntap-20211223-0002/">https://security.netapp.com/advisory/ntap-20211223-0002/</a><br><a href="https://ubuntu.com/security/notices/USN-5179-1">https://ubuntu.com/security/notices/USN-5179-1</a><br></details> |
| ssl_client | CVE-2021-42385 | HIGH | 1.33.1-r3 | 1.33.1-r6 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42385">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42385</a><br><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br><a href="https://security.netapp.com/advisory/ntap-20211223-0002/">https://security.netapp.com/advisory/ntap-20211223-0002/</a><br><a href="https://ubuntu.com/security/notices/USN-5179-1">https://ubuntu.com/security/notices/USN-5179-1</a><br></details> |
| ssl_client | CVE-2021-42386 | HIGH | 1.33.1-r3 | 1.33.1-r6 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42386">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42386</a><br><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br><a href="https://security.netapp.com/advisory/ntap-20211223-0002/">https://security.netapp.com/advisory/ntap-20211223-0002/</a><br><a href="https://ubuntu.com/security/notices/USN-5179-1">https://ubuntu.com/security/notices/USN-5179-1</a><br></details> |
| ssl_client | CVE-2021-42374 | MEDIUM | 1.33.1-r3 | 1.33.1-r4 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42374">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42374</a><br><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br><a href="https://security.netapp.com/advisory/ntap-20211223-0002/">https://security.netapp.com/advisory/ntap-20211223-0002/</a><br><a href="https://ubuntu.com/security/notices/USN-5179-1">https://ubuntu.com/security/notices/USN-5179-1</a><br></details> |
| ssl_client | CVE-2021-42375 | MEDIUM | 1.33.1-r3 | 1.33.1-r5 | <details><summary>Expand...</summary><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br><a href="https://security.netapp.com/advisory/ntap-20211223-0002/">https://security.netapp.com/advisory/ntap-20211223-0002/</a><br></details> |
#### Container: coredns
**gobinary**
| Package | Vulnerability | Severity | Installed Version | Fixed Version | Links |
|:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------|
| golang.org/x/text | CVE-2021-38561 | UNKNOWN | v0.3.6 | 0.3.7 | <details><summary>Expand...</summary></details> |

64
core/k8s-gateway/4.0.44/templates/_configmap.tpl
View File

@ -1,64 +0,0 @@
{{/*
Create the matchable regex from domain
*/}}
{{- define "k8s-gateway.configmap.regex" -}}
{{- if .Values.domain }}
{{- .Values.domain | replace "." "[.]" -}}
{{- else -}}
{{ "unset" }}
{{- end }}
{{- end -}}
{{/* Define the configmap */}}
{{- define "k8s-gateway.configmap" -}}
{{- $values := .Values }}
{{- $fqdn := ( include "common.names.fqdn" . ) }}
---
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "common.names.fullname" . }}-corefile
labels:
{{- include "common.labels" . | nindent 4 }}
data:
Corefile: |-
.:53 {
errors
log
health {
lameduck 5s
}
ready
{{- range .Values.domains }}
{{- if .dnsChallenge.enabled }}
template IN ANY {{ required "Delegated domain ('domain') is mandatory " .domain }} {
match "_acme-challenge[.](.*)[.]{{ include "k8s-gateway.configmap.regex" . }}"
answer "{{ "{{" }} .Name {{ "}}" }} 5 IN CNAME {{ "{{" }} index .Match 1 {{ "}}" }}.{{ required "DNS01 challenge domain is mandatory " $values.dnsChallenge.domain }}"
fallthrough
}
{{- end }}
k8s_gateway "{{ required "Delegated domain ('domain') is mandatory " .domain }}" {
apex {{ $values.apex | default $fqdn }}
ttl {{ $values.ttl }}
{{- if $values.secondary }}
secondary {{ $values.secondary }}
{{- end }}
{{- if $values.watchedResources }}
resources {{ join " " $values.watchedResources }}
{{- end }}
fallthrough
}
{{- end }}
prometheus 0.0.0.0:9153
{{- if .Values.forward.enabled }}
forward . {{ .Values.forward.primary }} {{ .Values.forward.secondary }} {
{{- range .Values.forward.options }}
{{ .name }} {{ .value }}
{{- end }}
}
{{- end }}
loop
reload
loadbalance
}
{{- end -}}

24
core/k8s-gateway/4.0.44/templates/common.yaml
View File

@ -1,24 +0,0 @@
{{/* Make sure all variables are set properly */}}
{{- include "common.setup" . }}
{{/* Render configmap for nextcloud */}}
{{- include "k8s-gateway.configmap" . }}
{{/* Append the general configMap volume to the volumes */}}
{{- define "k8s-gateway.configvolume" -}}
enabled: "true"
mountPath: "/etc/coredns"
readOnly: true
type: "custom"
volumeSpec:
configMap:
name: {{ include "common.names.fullname" . }}-corefile
items:
- key: Corefile
path: Corefile
{{- end -}}
{{- $_ := set .Values.persistence "config-volume" (include "k8s-gateway.configvolume" . | fromYaml) -}}
{{/* Render the templates */}}
{{ include "common.postSetup" . }}

0
core/k8s-gateway/4.0.44/values.yaml
View File

99
core/prometheus/1.1.73/CHANGELOG.md
View File

@ -1,99 +0,0 @@
# Changelog<br>
<a name="prometheus-1.1.73"></a>
### [prometheus-1.1.73](https://github.com/truecharts/apps/compare/uptimerobot-prometheus-2.0.23...prometheus-1.1.73) (2022-03-03)
#### Chore
* update docker general non-major ([#2006](https://github.com/truecharts/apps/issues/2006))
<a name="prometheus-1.1.72"></a>
### [prometheus-1.1.72](https://github.com/truecharts/apps/compare/prometheus-1.1.71...prometheus-1.1.72) (2022-03-02)
#### Chore
* update helm general non-major helm releases ([#1999](https://github.com/truecharts/apps/issues/1999))
<a name="prometheus-1.1.71"></a>
### [prometheus-1.1.71](https://github.com/truecharts/apps/compare/prometheus-1.1.70...prometheus-1.1.71) (2022-02-28)
#### Chore
* update docker general non-major ([#1983](https://github.com/truecharts/apps/issues/1983))
<a name="prometheus-1.1.70"></a>
### [prometheus-1.1.70](https://github.com/truecharts/apps/compare/prometheus-1.1.69...prometheus-1.1.70) (2022-02-28)
#### Chore
* update docker general non-major ([#1980](https://github.com/truecharts/apps/issues/1980))
<a name="prometheus-1.1.69"></a>
### [prometheus-1.1.69](https://github.com/truecharts/apps/compare/prometheus-1.1.68...prometheus-1.1.69) (2022-02-26)
#### Fix
* enable hostNetworking and change port ([#1969](https://github.com/truecharts/apps/issues/1969))
<a name="prometheus-1.1.68"></a>
### [prometheus-1.1.68](https://github.com/truecharts/apps/compare/prometheus-1.1.67...prometheus-1.1.68) (2022-02-26)
#### Chore
* rename `web_portal` to `open` ([#1957](https://github.com/truecharts/apps/issues/1957))
#### Fix
* don't export node-exporter on host
<a name="prometheus-1.1.67"></a>
### [prometheus-1.1.67](https://github.com/truecharts/apps/compare/prometheus-1.1.66...prometheus-1.1.67) (2022-02-22)
#### Chore
* update helm general non-major helm releases ([#1932](https://github.com/truecharts/apps/issues/1932))
<a name="prometheus-1.1.66"></a>
### [prometheus-1.1.66](https://github.com/truecharts/apps/compare/prometheus-1.1.65...prometheus-1.1.66) (2022-02-21)
#### Chore
* update helm general non-major helm releases ([#1927](https://github.com/truecharts/apps/issues/1927))
<a name="prometheus-1.1.65"></a>
### [prometheus-1.1.65](https://github.com/truecharts/apps/compare/prometheus-1.1.64...prometheus-1.1.65) (2022-02-21)
#### Chore
* update docker general non-major ([#1924](https://github.com/truecharts/apps/issues/1924))
<a name="prometheus-1.1.64"></a>
### [prometheus-1.1.64](https://github.com/truecharts/apps/compare/prometheus-1.1.63...prometheus-1.1.64) (2022-02-15)
#### Chore
* update helm general non-major helm releases ([#1901](https://github.com/truecharts/apps/issues/1901))
<a name="prometheus-1.1.63"></a>
### [prometheus-1.1.63](https://github.com/truecharts/apps/compare/prometheus-1.1.62...prometheus-1.1.63) (2022-02-14)

8
core/prometheus/1.1.73/CONFIG.md
View File

@ -1,8 +0,0 @@
# Configuration Options
##### Connecting to other apps
If you need to connect this App to other Apps on TrueNAS SCALE, please refer to our "Linking Apps Internally" quick-start guide:
https://truecharts.org/manual/Quick-Start%20Guides/14-linking-apps/
##### Available config options
In the future this page is going to contain an automated list of options available in the installation/edit UI.

12
core/prometheus/1.1.73/Chart.lock
View File

@ -1,12 +0,0 @@
dependencies:
- name: common
repository: https://truecharts.org
version: 8.17.2
- name: node-exporter
repository: https://charts.bitnami.com/bitnami
version: 2.4.4
- name: kube-state-metrics
repository: https://charts.bitnami.com/bitnami
version: 2.2.11
digest: sha256:29d62ab2566111ea70030a95b4b20585f9b86fc062aaf073b320ff442ade87c8
generated: "2022-03-03T11:45:35.882042522Z"

36
core/prometheus/1.1.73/Chart.yaml
View File

@ -1,36 +0,0 @@
apiVersion: v2
appVersion: "0.54.1"
dependencies:
- name: common
repository: https://truecharts.org
version: 8.17.2
- condition: exporters.enabled,exporters.node-exporter.enabled
name: node-exporter
repository: https://charts.bitnami.com/bitnami
version: 2.4.4
- condition: exporters.enabled,exporters.kube-state-metrics.enabled
name: kube-state-metrics
repository: https://charts.bitnami.com/bitnami
version: 2.2.11
deprecated: false
description: kube-prometheus-stack collects Kubernetes manifests, Grafana dashboards, and Prometheus rules combined with documentation and scripts to provide easy to operate end-to-end Kubernetes cluster monitoring with Prometheus using the Prometheus Operator.
icon: https://truecharts.org/_static/img/appicons/prometheus-icon.png
home: https://github.com/truecharts/apps/tree/master/charts/stable/prometheus
keywords:
- metrics
kubeVersion: '>=1.16.0-0'
maintainers:
- email: info@truecharts.org
name: TrueCharts
url: https://truecharts.org
name: prometheus
sources:
- https://github.com/prometheus-community/helm-charts
- https://github.com/prometheus-operator/kube-prometheus
type: application
version: 1.1.73
annotations:
truecharts.org/catagories: |
- metrics
truecharts.org/SCALE-support: "true"
truecharts.org/grade: U

40
core/prometheus/1.1.73/README.md
View File

@ -1,40 +0,0 @@
# Introduction
kube-prometheus-stack collects Kubernetes manifests, Grafana dashboards, and Prometheus rules combined with documentation and scripts to provide easy to operate end-to-end Kubernetes cluster monitoring with Prometheus using the Prometheus Operator.
TrueCharts are designed to be installed as TrueNAS SCALE app only. We can not guarantee this charts works as a stand-alone helm installation.
**This chart is not maintained by the upstream project and any issues with the chart should be raised [here](https://github.com/truecharts/apps/issues/new/choose)**
## Source Code
* <https://github.com/prometheus-community/helm-charts>
* <https://github.com/prometheus-operator/kube-prometheus>
## Requirements
Kubernetes: `>=1.16.0-0`
## Dependencies
| Repository | Name | Version |
|------------|------|---------|
| https://charts.bitnami.com/bitnami | kube-state-metrics | 2.2.11 |
| https://charts.bitnami.com/bitnami | node-exporter | 2.4.4 |
| https://truecharts.org | common | 8.17.2 |
## Installing the Chart
To install this App on TrueNAS SCALE check our [Quick-Start Guide](https://truecharts.org/manual/Quick-Start%20Guides/03-Installing-an-App/).
## Uninstalling the Chart
To remove this App from TrueNAS SCALE check our [Quick-Start Guide](https://truecharts.org/manual/Quick-Start%20Guides/07-Deleting-an-App/).
## Support
- Please check our [quick-start guides](https://truecharts.org/manual/Quick-Start%20Guides/01-Open-Apps/) first.
- See the [Wiki](https://truecharts.org)
- Check our [Discord](https://discord.gg/tVsPTHWTtr)
- Open a [issue](https://github.com/truecharts/apps/issues/new/choose)
---
All Rights Reserved - The TrueCharts Project

3
core/prometheus/1.1.73/app-readme.md
View File

@ -1,3 +0,0 @@
kube-prometheus-stack collects Kubernetes manifests, Grafana dashboards, and Prometheus rules combined with documentation and scripts to provide easy to operate end-to-end Kubernetes cluster monitoring with Prometheus using the Prometheus Operator.
This App is supplied by TrueCharts, for more information please visit https://truecharts.org

BIN
core/prometheus/1.1.73/charts/common-8.17.2.tgz
View File

Binary file not shown.

BIN
core/prometheus/1.1.73/charts/kube-state-metrics-2.2.11.tgz
View File

Binary file not shown.

BIN
core/prometheus/1.1.73/charts/node-exporter-2.4.4.tgz
View File

Binary file not shown.

2680
core/prometheus/1.1.73/crds/crd-alertmanager-config.yaml
View File

File diff suppressed because it is too large Load Diff

5875
core/prometheus/1.1.73/crds/crd-alertmanager.yaml
View File

File diff suppressed because it is too large Load Diff

583
core/prometheus/1.1.73/crds/crd-podmonitor.yaml
View File

@ -1,583 +0,0 @@
# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.52.0/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.6.2
creationTimestamp: null
name: podmonitors.monitoring.coreos.com
spec:
group: monitoring.coreos.com
names:
categories:
- prometheus-operator
kind: PodMonitor
listKind: PodMonitorList
plural: podmonitors
singular: podmonitor
scope: Namespaced
versions:
- name: v1
schema:
openAPIV3Schema:
description: PodMonitor defines monitoring for a set of pods.
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: Specification of desired Pod selection for target discovery
by Prometheus.
properties:
jobLabel:
description: The label to use to retrieve the job name from.
type: string
labelLimit:
description: Per-scrape limit on number of labels that will be accepted
for a sample. Only valid in Prometheus versions 2.27.0 and newer.
format: int64
type: integer
labelNameLengthLimit:
description: Per-scrape limit on length of labels name that will be
accepted for a sample. Only valid in Prometheus versions 2.27.0
and newer.
format: int64
type: integer
labelValueLengthLimit:
description: Per-scrape limit on length of labels value that will
be accepted for a sample. Only valid in Prometheus versions 2.27.0
and newer.
format: int64
type: integer
namespaceSelector:
description: Selector to select which namespaces the Endpoints objects
are discovered from.
properties:
any:
description: Boolean describing whether all namespaces are selected
in contrast to a list restricting them.
type: boolean
matchNames:
description: List of namespace names.
items:
type: string
type: array
type: object
podMetricsEndpoints:
description: A list of endpoints allowed as part of this PodMonitor.
items:
description: PodMetricsEndpoint defines a scrapeable endpoint of
a Kubernetes Pod serving Prometheus metrics.
properties:
authorization:
description: Authorization section for this endpoint
properties:
credentials:
description: The secret's key that contains the credentials
of the request
properties:
key:
description: The key of the secret to select from. Must
be a valid secret key.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
optional:
description: Specify whether the Secret or its key must
be defined
type: boolean
required:
- key
type: object
type:
description: Set the authentication type. Defaults to Bearer,
Basic will cause an error
type: string
type: object
basicAuth:
description: 'BasicAuth allow an endpoint to authenticate over
basic authentication. More info: https://prometheus.io/docs/operating/configuration/#endpoint'
properties:
password:
description: The secret in the service monitor namespace
that contains the password for authentication.
properties:
key:
description: The key of the secret to select from. Must
be a valid secret key.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
optional:
description: Specify whether the Secret or its key must
be defined
type: boolean
required:
- key
type: object
username:
description: The secret in the service monitor namespace
that contains the username for authentication.
properties:
key:
description: The key of the secret to select from. Must
be a valid secret key.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
optional:
description: Specify whether the Secret or its key must
be defined
type: boolean
required:
- key
type: object
type: object
bearerTokenSecret:
description: Secret to mount to read bearer token for scraping
targets. The secret needs to be in the same namespace as the
pod monitor and accessible by the Prometheus Operator.
properties:
key:
description: The key of the secret to select from. Must
be a valid secret key.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
optional:
description: Specify whether the Secret or its key must
be defined
type: boolean
required:
- key
type: object
honorLabels:
description: HonorLabels chooses the metric's labels on collisions
with target labels.
type: boolean
honorTimestamps:
description: HonorTimestamps controls whether Prometheus respects
the timestamps present in scraped data.
type: boolean
interval:
description: Interval at which metrics should be scraped
type: string
metricRelabelings:
description: MetricRelabelConfigs to apply to samples before
ingestion.
items:
description: 'RelabelConfig allows dynamic rewriting of the
label set, being applied to samples before ingestion. It
defines `<metric_relabel_configs>`-section of Prometheus
configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs'
properties:
action:
description: Action to perform based on regex matching.
Default is 'replace'
type: string
modulus:
description: Modulus to take of the hash of the source
label values.
format: int64
type: integer
regex:
description: Regular expression against which the extracted
value is matched. Default is '(.*)'
type: string
replacement:
description: Replacement value against which a regex replace
is performed if the regular expression matches. Regex
capture groups are available. Default is '$1'
type: string
separator:
description: Separator placed between concatenated source
label values. default is ';'.
type: string
sourceLabels:
description: The source labels select values from existing
labels. Their content is concatenated using the configured
separator and matched against the configured regular
expression for the replace, keep, and drop actions.
items:
type: string
type: array
targetLabel:
description: Label to which the resulting value is written
in a replace action. It is mandatory for replace actions.
Regex capture groups are available.
type: string
type: object
type: array
oauth2:
description: OAuth2 for the URL. Only valid in Prometheus versions
2.27.0 and newer.
properties:
clientId:
description: The secret or configmap containing the OAuth2
client id
properties:
configMap:
description: ConfigMap containing data to use for the
targets.
properties:
key:
description: The key to select.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind,
uid?'
type: string
optional:
description: Specify whether the ConfigMap or its
key must be defined
type: boolean
required:
- key
type: object
secret:
description: Secret containing data to use for the targets.
properties:
key:
description: The key of the secret to select from. Must
be a valid secret key.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind,
uid?'
type: string
optional:
description: Specify whether the Secret or its key
must be defined
type: boolean
required:
- key
type: object
type: object
clientSecret:
description: The secret containing the OAuth2 client secret
properties:
key:
description: The key of the secret to select from. Must
be a valid secret key.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
optional:
description: Specify whether the Secret or its key must
be defined
type: boolean
required:
- key
type: object
endpointParams:
additionalProperties:
type: string
description: Parameters to append to the token URL
type: object
scopes:
description: OAuth2 scopes used for the token request
items:
type: string
type: array
tokenUrl:
description: The URL to fetch the token from
minLength: 1
type: string
required:
- clientId
- clientSecret
- tokenUrl
type: object
params:
additionalProperties:
items:
type: string
type: array
description: Optional HTTP URL parameters
type: object
path:
description: HTTP path to scrape for metrics.
type: string
port:
description: Name of the pod port this endpoint refers to. Mutually
exclusive with targetPort.
type: string
proxyUrl:
description: ProxyURL eg http://proxyserver:2195 Directs scrapes
to proxy through this endpoint.
type: string
relabelings:
description: 'RelabelConfigs to apply to samples before scraping.
Prometheus Operator automatically adds relabelings for a few
standard Kubernetes fields and replaces original scrape job
name with __tmp_prometheus_job_name. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config'
items:
description: 'RelabelConfig allows dynamic rewriting of the
label set, being applied to samples before ingestion. It
defines `<metric_relabel_configs>`-section of Prometheus
configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs'
properties:
action:
description: Action to perform based on regex matching.
Default is 'replace'
type: string
modulus:
description: Modulus to take of the hash of the source
label values.
format: int64
type: integer
regex:
description: Regular expression against which the extracted
value is matched. Default is '(.*)'
type: string
replacement:
description: Replacement value against which a regex replace
is performed if the regular expression matches. Regex
capture groups are available. Default is '$1'
type: string
separator:
description: Separator placed between concatenated source
label values. default is ';'.
type: string
sourceLabels:
description: The source labels select values from existing
labels. Their content is concatenated using the configured
separator and matched against the configured regular
expression for the replace, keep, and drop actions.
items:
type: string
type: array
targetLabel:
description: Label to which the resulting value is written
in a replace action. It is mandatory for replace actions.
Regex capture groups are available.
type: string
type: object
type: array
scheme:
description: HTTP scheme to use for scraping.
type: string
scrapeTimeout:
description: Timeout after which the scrape is ended
type: string
targetPort:
anyOf:
- type: integer
- type: string
description: 'Deprecated: Use ''port'' instead.'
x-kubernetes-int-or-string: true
tlsConfig:
description: TLS configuration to use when scraping the endpoint.
properties:
ca:
description: Struct containing the CA cert to use for the
targets.
properties:
configMap:
description: ConfigMap containing data to use for the
targets.
properties:
key:
description: The key to select.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind,
uid?'
type: string
optional:
description: Specify whether the ConfigMap or its
key must be defined
type: boolean
required:
- key
type: object
secret:
description: Secret containing data to use for the targets.
properties:
key:
description: The key of the secret to select from. Must
be a valid secret key.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind,
uid?'
type: string
optional:
description: Specify whether the Secret or its key
must be defined
type: boolean
required:
- key
type: object
type: object
cert:
description: Struct containing the client cert file for
the targets.
properties:
configMap:
description: ConfigMap containing data to use for the
targets.
properties:
key:
description: The key to select.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind,
uid?'
type: string
optional:
description: Specify whether the ConfigMap or its
key must be defined
type: boolean
required:
- key
type: object
secret:
description: Secret containing data to use for the targets.
properties:
key:
description: The key of the secret to select from. Must
be a valid secret key.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind,
uid?'
type: string
optional:
description: Specify whether the Secret or its key
must be defined
type: boolean
required:
- key
type: object
type: object
insecureSkipVerify:
description: Disable target certificate validation.
type: boolean
keySecret:
description: Secret containing the client key file for the
targets.
properties:
key:
description: The key of the secret to select from. Must
be a valid secret key.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
optional:
description: Specify whether the Secret or its key must
be defined
type: boolean
required:
- key
type: object
serverName:
description: Used to verify the hostname for the targets.
type: string
type: object
type: object
type: array
podTargetLabels:
description: PodTargetLabels transfers labels on the Kubernetes Pod
onto the target.
items:
type: string
type: array
sampleLimit:
description: SampleLimit defines per-scrape limit on number of scraped
samples that will be accepted.
format: int64
type: integer
selector:
description: Selector to select Pod objects.
properties:
matchExpressions:
description: matchExpressions is a list of label selector requirements.
The requirements are ANDed.
items:
description: A label selector requirement is a selector that
contains values, a key, and an operator that relates the key
and values.
properties:
key:
description: key is the label key that the selector applies
to.
type: string
operator:
description: operator represents a key's relationship to
a set of values. Valid operators are In, NotIn, Exists
and DoesNotExist.
type: string
values:
description: values is an array of string values. If the
operator is In or NotIn, the values array must be non-empty.
If the operator is Exists or DoesNotExist, the values
array must be empty. This array is replaced during a strategic
merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of {key,value} pairs. A single
{key,value} in the matchLabels map is equivalent to an element
of matchExpressions, whose key field is "key", the operator
is "In", and the values array contains only "value". The requirements
are ANDed.
type: object
type: object
targetLimit:
description: TargetLimit defines a limit on the number of scraped
targets that will be accepted.
format: int64
type: integer
required:
- podMetricsEndpoints
- selector
type: object
required:
- spec
type: object
served: true
storage: true
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []

613
core/prometheus/1.1.73/crds/crd-probes.yaml
View File

@ -1,613 +0,0 @@
# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.52.0/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.6.2
creationTimestamp: null
name: probes.monitoring.coreos.com
spec:
group: monitoring.coreos.com
names:
categories:
- prometheus-operator
kind: Probe
listKind: ProbeList
plural: probes
singular: probe
scope: Namespaced
versions:
- name: v1
schema:
openAPIV3Schema:
description: Probe defines monitoring for a set of static targets or ingresses.
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: Specification of desired Ingress selection for target discovery
by Prometheus.
properties:
authorization:
description: Authorization section for this endpoint
properties:
credentials:
description: The secret's key that contains the credentials of
the request
properties:
key:
description: The key of the secret to select from. Must be
a valid secret key.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
optional:
description: Specify whether the Secret or its key must be
defined
type: boolean
required:
- key
type: object
type:
description: Set the authentication type. Defaults to Bearer,
Basic will cause an error
type: string
type: object
basicAuth:
description: 'BasicAuth allow an endpoint to authenticate over basic
authentication. More info: https://prometheus.io/docs/operating/configuration/#endpoint'
properties:
password:
description: The secret in the service monitor namespace that
contains the password for authentication.
properties:
key:
description: The key of the secret to select from. Must be
a valid secret key.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
optional:
description: Specify whether the Secret or its key must be
defined
type: boolean
required:
- key
type: object
username:
description: The secret in the service monitor namespace that
contains the username for authentication.
properties:
key:
description: The key of the secret to select from. Must be
a valid secret key.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
optional:
description: Specify whether the Secret or its key must be
defined
type: boolean
required:
- key
type: object
type: object
bearerTokenSecret:
description: Secret to mount to read bearer token for scraping targets.
The secret needs to be in the same namespace as the probe and accessible
by the Prometheus Operator.
properties:
key:
description: The key of the secret to select from. Must be a
valid secret key.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
optional:
description: Specify whether the Secret or its key must be defined
type: boolean
required:
- key
type: object
interval:
description: Interval at which targets are probed using the configured
prober. If not specified Prometheus' global scrape interval is used.
type: string
jobName:
description: The job name assigned to scraped metrics by default.
type: string
labelLimit:
description: Per-scrape limit on number of labels that will be accepted
for a sample. Only valid in Prometheus versions 2.27.0 and newer.
format: int64
type: integer
labelNameLengthLimit:
description: Per-scrape limit on length of labels name that will be
accepted for a sample. Only valid in Prometheus versions 2.27.0
and newer.
format: int64
type: integer
labelValueLengthLimit:
description: Per-scrape limit on length of labels value that will
be accepted for a sample. Only valid in Prometheus versions 2.27.0
and newer.
format: int64
type: integer
metricRelabelings:
description: MetricRelabelConfigs to apply to samples before ingestion.
items:
description: 'RelabelConfig allows dynamic rewriting of the label
set, being applied to samples before ingestion. It defines `<metric_relabel_configs>`-section
of Prometheus configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs'
properties:
action:
description: Action to perform based on regex matching. Default
is 'replace'
type: string
modulus:
description: Modulus to take of the hash of the source label
values.
format: int64
type: integer
regex:
description: Regular expression against which the extracted
value is matched. Default is '(.*)'
type: string
replacement:
description: Replacement value against which a regex replace
is performed if the regular expression matches. Regex capture
groups are available. Default is '$1'
type: string
separator:
description: Separator placed between concatenated source label
values. default is ';'.
type: string
sourceLabels:
description: The source labels select values from existing labels.
Their content is concatenated using the configured separator
and matched against the configured regular expression for
the replace, keep, and drop actions.
items:
type: string
type: array
targetLabel:
description: Label to which the resulting value is written in
a replace action. It is mandatory for replace actions. Regex
capture groups are available.
type: string
type: object
type: array
module:
description: 'The module to use for probing specifying how to probe
the target. Example module configuring in the blackbox exporter:
https://github.com/prometheus/blackbox_exporter/blob/master/example.yml'
type: string
oauth2:
description: OAuth2 for the URL. Only valid in Prometheus versions
2.27.0 and newer.
properties:
clientId:
description: The secret or configmap containing the OAuth2 client
id
properties:
configMap:
description: ConfigMap containing data to use for the targets.
properties:
key:
description: The key to select.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
optional:
description: Specify whether the ConfigMap or its key
must be defined
type: boolean
required:
- key
type: object
secret:
description: Secret containing data to use for the targets.
properties:
key:
description: The key of the secret to select from. Must
be a valid secret key.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
optional:
description: Specify whether the Secret or its key must
be defined
type: boolean
required:
- key
type: object
type: object
clientSecret:
description: The secret containing the OAuth2 client secret
properties:
key:
description: The key of the secret to select from. Must be
a valid secret key.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
optional:
description: Specify whether the Secret or its key must be
defined
type: boolean
required:
- key
type: object
endpointParams:
additionalProperties:
type: string
description: Parameters to append to the token URL
type: object
scopes:
description: OAuth2 scopes used for the token request
items:
type: string
type: array
tokenUrl:
description: The URL to fetch the token from
minLength: 1
type: string
required:
- clientId
- clientSecret
- tokenUrl
type: object
prober:
description: Specification for the prober to use for probing targets.
The prober.URL parameter is required. Targets cannot be probed if
left empty.
properties:
path:
description: Path to collect metrics from. Defaults to `/probe`.
type: string
proxyUrl:
description: Optional ProxyURL.
type: string
scheme:
description: HTTP scheme to use for scraping. Defaults to `http`.
type: string
url:
description: Mandatory URL of the prober.
type: string
required:
- url
type: object
sampleLimit:
description: SampleLimit defines per-scrape limit on number of scraped
samples that will be accepted.
format: int64
type: integer
scrapeTimeout:
description: Timeout for scraping metrics from the Prometheus exporter.
type: string
targetLimit:
description: TargetLimit defines a limit on the number of scraped
targets that will be accepted.
format: int64
type: integer
targets:
description: Targets defines a set of static and/or dynamically discovered
targets to be probed using the prober.
properties:
ingress:
description: Ingress defines the set of dynamically discovered
ingress objects which hosts are considered for probing.
properties:
namespaceSelector:
description: Select Ingress objects by namespace.
properties:
any:
description: Boolean describing whether all namespaces
are selected in contrast to a list restricting them.
type: boolean
matchNames:
description: List of namespace names.
items:
type: string
type: array
type: object
relabelingConfigs:
description: 'RelabelConfigs to apply to samples before ingestion.
More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config'
items:
description: 'RelabelConfig allows dynamic rewriting of
the label set, being applied to samples before ingestion.
It defines `<metric_relabel_configs>`-section of Prometheus
configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs'
properties:
action:
description: Action to perform based on regex matching.
Default is 'replace'
type: string
modulus:
description: Modulus to take of the hash of the source
label values.
format: int64
type: integer
regex:
description: Regular expression against which the extracted
value is matched. Default is '(.*)'
type: string
replacement:
description: Replacement value against which a regex
replace is performed if the regular expression matches.
Regex capture groups are available. Default is '$1'
type: string
separator:
description: Separator placed between concatenated source
label values. default is ';'.
type: string
sourceLabels:
description: The source labels select values from existing
labels. Their content is concatenated using the configured
separator and matched against the configured regular
expression for the replace, keep, and drop actions.
items:
type: string
type: array
targetLabel:
description: Label to which the resulting value is written
in a replace action. It is mandatory for replace actions.
Regex capture groups are available.
type: string
type: object
type: array
selector:
description: Select Ingress objects by labels.
properties:
matchExpressions:
description: matchExpressions is a list of label selector
requirements. The requirements are ANDed.
items:
description: A label selector requirement is a selector
that contains values, a key, and an operator that
relates the key and values.
properties:
key:
description: key is the label key that the selector
applies to.
type: string
operator:
description: operator represents a key's relationship
to a set of values. Valid operators are In, NotIn,
Exists and DoesNotExist.
type: string
values:
description: values is an array of string values.
If the operator is In or NotIn, the values array
must be non-empty. If the operator is Exists or
DoesNotExist, the values array must be empty.
This array is replaced during a strategic merge
patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of {key,value} pairs.
A single {key,value} in the matchLabels map is equivalent
to an element of matchExpressions, whose key field is
"key", the operator is "In", and the values array contains
only "value". The requirements are ANDed.
type: object
type: object
type: object
staticConfig:
description: 'StaticConfig defines static targets which are considers
for probing. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#static_config.'
properties:
labels:
additionalProperties:
type: string
description: Labels assigned to all metrics scraped from the
targets.
type: object
relabelingConfigs:
description: 'RelabelConfigs to apply to samples before ingestion.
More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config'
items:
description: 'RelabelConfig allows dynamic rewriting of
the label set, being applied to samples before ingestion.
It defines `<metric_relabel_configs>`-section of Prometheus
configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs'
properties:
action:
description: Action to perform based on regex matching.
Default is 'replace'
type: string
modulus:
description: Modulus to take of the hash of the source
label values.
format: int64
type: integer
regex:
description: Regular expression against which the extracted
value is matched. Default is '(.*)'
type: string
replacement:
description: Replacement value against which a regex
replace is performed if the regular expression matches.
Regex capture groups are available. Default is '$1'
type: string
separator:
description: Separator placed between concatenated source
label values. default is ';'.
type: string
sourceLabels:
description: The source labels select values from existing
labels. Their content is concatenated using the configured
separator and matched against the configured regular
expression for the replace, keep, and drop actions.
items:
type: string
type: array
targetLabel:
description: Label to which the resulting value is written
in a replace action. It is mandatory for replace actions.
Regex capture groups are available.
type: string
type: object
type: array
static:
description: Targets is a list of URLs to probe using the
configured prober.
items:
type: string
type: array
type: object
type: object
tlsConfig:
description: TLS configuration to use when scraping the endpoint.
properties:
ca:
description: Struct containing the CA cert to use for the targets.
properties:
configMap:
description: ConfigMap containing data to use for the targets.
properties:
key:
description: The key to select.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
optional:
description: Specify whether the ConfigMap or its key
must be defined
type: boolean
required:
- key
type: object
secret:
description: Secret containing data to use for the targets.
properties:
key:
description: The key of the secret to select from. Must
be a valid secret key.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
optional:
description: Specify whether the Secret or its key must
be defined
type: boolean
required:
- key
type: object
type: object
cert:
description: Struct containing the client cert file for the targets.
properties:
configMap:
description: ConfigMap containing data to use for the targets.
properties:
key:
description: The key to select.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
optional:
description: Specify whether the ConfigMap or its key
must be defined
type: boolean
required:
- key
type: object
secret:
description: Secret containing data to use for the targets.
properties:
key:
description: The key of the secret to select from. Must
be a valid secret key.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
optional:
description: Specify whether the Secret or its key must
be defined
type: boolean
required:
- key
type: object
type: object
insecureSkipVerify:
description: Disable target certificate validation.
type: boolean
keySecret:
description: Secret containing the client key file for the targets.
properties:
key:
description: The key of the secret to select from. Must be
a valid secret key.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
optional:
description: Specify whether the Secret or its key must be
defined
type: boolean
required:
- key
type: object
serverName:
description: Used to verify the hostname for the targets.
type: string
type: object
type: object
required:
- spec
type: object
served: true
storage: true
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []

8123
core/prometheus/1.1.73/crds/crd-prometheus.yaml
View File

File diff suppressed because it is too large Load Diff

103
core/prometheus/1.1.73/crds/crd-prometheusrules.yaml
View File

@ -1,103 +0,0 @@
# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.52.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.6.2
creationTimestamp: null
name: prometheusrules.monitoring.coreos.com
spec:
group: monitoring.coreos.com
names:
categories:
- prometheus-operator
kind: PrometheusRule
listKind: PrometheusRuleList
plural: prometheusrules
singular: prometheusrule
scope: Namespaced
versions:
- name: v1
schema:
openAPIV3Schema:
description: PrometheusRule defines recording and alerting rules for a Prometheus
instance
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: Specification of desired alerting rule definitions for Prometheus.
properties:
groups:
description: Content of Prometheus rule file
items:
description: 'RuleGroup is a list of sequentially evaluated recording
and alerting rules. Note: PartialResponseStrategy is only used
by ThanosRuler and will be ignored by Prometheus instances. Valid
values for this field are ''warn'' or ''abort''. More info: https://github.com/thanos-io/thanos/blob/master/docs/components/rule.md#partial-response'
properties:
interval:
type: string
name:
type: string
partial_response_strategy:
type: string
rules:
items:
description: 'Rule describes an alerting or recording rule
See Prometheus documentation: [alerting](https://www.prometheus.io/docs/prometheus/latest/configuration/alerting_rules/)
or [recording](https://www.prometheus.io/docs/prometheus/latest/configuration/recording_rules/#recording-rules)
rule'
properties:
alert:
type: string
annotations:
additionalProperties:
type: string
type: object
expr:
anyOf:
- type: integer
- type: string
x-kubernetes-int-or-string: true
for:
type: string
labels:
additionalProperties:
type: string
type: object
record:
type: string
required:
- expr
type: object
type: array
required:
- name
- rules
type: object
type: array
type: object
required:
- spec
type: object
served: true
storage: true
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []

610
core/prometheus/1.1.73/crds/crd-servicemonitor.yaml
View File

@ -1,610 +0,0 @@
# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.52.0/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.6.2
creationTimestamp: null
name: servicemonitors.monitoring.coreos.com
spec:
group: monitoring.coreos.com
names:
categories:
- prometheus-operator
kind: ServiceMonitor
listKind: ServiceMonitorList
plural: servicemonitors
singular: servicemonitor
scope: Namespaced
versions:
- name: v1
schema:
openAPIV3Schema:
description: ServiceMonitor defines monitoring for a set of services.
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: Specification of desired Service selection for target discovery
by Prometheus.
properties:
endpoints:
description: A list of endpoints allowed as part of this ServiceMonitor.
items:
description: Endpoint defines a scrapeable endpoint serving Prometheus
metrics.
properties:
authorization:
description: Authorization section for this endpoint
properties:
credentials:
description: The secret's key that contains the credentials
of the request
properties:
key:
description: The key of the secret to select from. Must
be a valid secret key.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
optional:
description: Specify whether the Secret or its key must
be defined
type: boolean
required:
- key
type: object
type:
description: Set the authentication type. Defaults to Bearer,
Basic will cause an error
type: string
type: object
basicAuth:
description: 'BasicAuth allow an endpoint to authenticate over
basic authentication More info: https://prometheus.io/docs/operating/configuration/#endpoints'
properties:
password:
description: The secret in the service monitor namespace
that contains the password for authentication.
properties:
key:
description: The key of the secret to select from. Must
be a valid secret key.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
optional:
description: Specify whether the Secret or its key must
be defined
type: boolean
required:
- key
type: object
username:
description: The secret in the service monitor namespace
that contains the username for authentication.
properties:
key:
description: The key of the secret to select from. Must
be a valid secret key.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
optional:
description: Specify whether the Secret or its key must
be defined
type: boolean
required:
- key
type: object
type: object
bearerTokenFile:
description: File to read bearer token for scraping targets.
type: string
bearerTokenSecret:
description: Secret to mount to read bearer token for scraping
targets. The secret needs to be in the same namespace as the
service monitor and accessible by the Prometheus Operator.
properties:
key:
description: The key of the secret to select from. Must
be a valid secret key.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
optional:
description: Specify whether the Secret or its key must
be defined
type: boolean
required:
- key
type: object
honorLabels:
description: HonorLabels chooses the metric's labels on collisions
with target labels.
type: boolean
honorTimestamps:
description: HonorTimestamps controls whether Prometheus respects
the timestamps present in scraped data.
type: boolean
interval:
description: Interval at which metrics should be scraped
type: string
metricRelabelings:
description: MetricRelabelConfigs to apply to samples before
ingestion.
items:
description: 'RelabelConfig allows dynamic rewriting of the
label set, being applied to samples before ingestion. It
defines `<metric_relabel_configs>`-section of Prometheus
configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs'
properties:
action:
description: Action to perform based on regex matching.
Default is 'replace'
type: string
modulus:
description: Modulus to take of the hash of the source
label values.
format: int64
type: integer
regex:
description: Regular expression against which the extracted
value is matched. Default is '(.*)'
type: string
replacement:
description: Replacement value against which a regex replace
is performed if the regular expression matches. Regex
capture groups are available. Default is '$1'
type: string
separator:
description: Separator placed between concatenated source
label values. default is ';'.
type: string
sourceLabels:
description: The source labels select values from existing
labels. Their content is concatenated using the configured
separator and matched against the configured regular
expression for the replace, keep, and drop actions.
items:
type: string
type: array
targetLabel:
description: Label to which the resulting value is written
in a replace action. It is mandatory for replace actions.
Regex capture groups are available.
type: string
type: object
type: array
oauth2:
description: OAuth2 for the URL. Only valid in Prometheus versions
2.27.0 and newer.
properties:
clientId:
description: The secret or configmap containing the OAuth2
client id
properties:
configMap:
description: ConfigMap containing data to use for the
targets.
properties:
key:
description: The key to select.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind,
uid?'
type: string
optional:
description: Specify whether the ConfigMap or its
key must be defined
type: boolean
required:
- key
type: object
secret:
description: Secret containing data to use for the targets.
properties:
key:
description: The key of the secret to select from. Must
be a valid secret key.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind,
uid?'
type: string
optional:
description: Specify whether the Secret or its key
must be defined
type: boolean
required:
- key
type: object
type: object
clientSecret:
description: The secret containing the OAuth2 client secret
properties:
key:
description: The key of the secret to select from. Must
be a valid secret key.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
optional:
description: Specify whether the Secret or its key must
be defined
type: boolean
required:
- key
type: object
endpointParams:
additionalProperties:
type: string
description: Parameters to append to the token URL
type: object
scopes:
description: OAuth2 scopes used for the token request
items:
type: string
type: array
tokenUrl:
description: The URL to fetch the token from
minLength: 1
type: string
required:
- clientId
- clientSecret
- tokenUrl
type: object
params:
additionalProperties:
items:
type: string
type: array
description: Optional HTTP URL parameters
type: object
path:
description: HTTP path to scrape for metrics.
type: string
port:
description: Name of the service port this endpoint refers to.
Mutually exclusive with targetPort.
type: string
proxyUrl:
description: ProxyURL eg http://proxyserver:2195 Directs scrapes
to proxy through this endpoint.
type: string
relabelings:
description: 'RelabelConfigs to apply to samples before scraping.
Prometheus Operator automatically adds relabelings for a few
standard Kubernetes fields and replaces original scrape job
name with __tmp_prometheus_job_name. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config'
items:
description: 'RelabelConfig allows dynamic rewriting of the
label set, being applied to samples before ingestion. It
defines `<metric_relabel_configs>`-section of Prometheus
configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs'
properties:
action:
description: Action to perform based on regex matching.
Default is 'replace'
type: string
modulus:
description: Modulus to take of the hash of the source
label values.
format: int64
type: integer
regex:
description: Regular expression against which the extracted
value is matched. Default is '(.*)'
type: string
replacement:
description: Replacement value against which a regex replace
is performed if the regular expression matches. Regex
capture groups are available. Default is '$1'
type: string
separator:
description: Separator placed between concatenated source
label values. default is ';'.
type: string
sourceLabels:
description: The source labels select values from existing
labels. Their content is concatenated using the configured
separator and matched against the configured regular
expression for the replace, keep, and drop actions.
items:
type: string
type: array
targetLabel:
description: Label to which the resulting value is written
in a replace action. It is mandatory for replace actions.
Regex capture groups are available.
type: string
type: object
type: array
scheme:
description: HTTP scheme to use for scraping.
type: string
scrapeTimeout:
description: Timeout after which the scrape is ended
type: string
targetPort:
anyOf:
- type: integer
- type: string
description: Name or number of the target port of the Pod behind
the Service, the port must be specified with container port
property. Mutually exclusive with port.
x-kubernetes-int-or-string: true
tlsConfig:
description: TLS configuration to use when scraping the endpoint
properties:
ca:
description: Struct containing the CA cert to use for the
targets.
properties:
configMap:
description: ConfigMap containing data to use for the
targets.
properties:
key:
description: The key to select.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind,
uid?'
type: string
optional:
description: Specify whether the ConfigMap or its
key must be defined
type: boolean
required:
- key
type: object
secret:
description: Secret containing data to use for the targets.
properties:
key:
description: The key of the secret to select from. Must
be a valid secret key.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind,
uid?'
type: string
optional:
description: Specify whether the Secret or its key
must be defined
type: boolean
required:
- key
type: object
type: object
caFile:
description: Path to the CA cert in the Prometheus container
to use for the targets.
type: string
cert:
description: Struct containing the client cert file for
the targets.
properties:
configMap:
description: ConfigMap containing data to use for the
targets.
properties:
key:
description: The key to select.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind,
uid?'
type: string
optional:
description: Specify whether the ConfigMap or its
key must be defined
type: boolean
required:
- key
type: object
secret:
description: Secret containing data to use for the targets.
properties:
key:
description: The key of the secret to select from. Must
be a valid secret key.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind,
uid?'
type: string
optional:
description: Specify whether the Secret or its key
must be defined
type: boolean
required:
- key
type: object
type: object
certFile:
description: Path to the client cert file in the Prometheus
container for the targets.
type: string
insecureSkipVerify:
description: Disable target certificate validation.
type: boolean
keyFile:
description: Path to the client key file in the Prometheus
container for the targets.
type: string
keySecret:
description: Secret containing the client key file for the
targets.
properties:
key:
description: The key of the secret to select from. Must
be a valid secret key.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
optional:
description: Specify whether the Secret or its key must
be defined
type: boolean
required:
- key
type: object
serverName:
description: Used to verify the hostname for the targets.
type: string
type: object
type: object
type: array
jobLabel:
description: "Chooses the label of the Kubernetes `Endpoints`. Its
value will be used for the `job`-label's value of the created metrics.
\n Default & fallback value: the name of the respective Kubernetes
`Endpoint`."
type: string
labelLimit:
description: Per-scrape limit on number of labels that will be accepted
for a sample. Only valid in Prometheus versions 2.27.0 and newer.
format: int64
type: integer
labelNameLengthLimit:
description: Per-scrape limit on length of labels name that will be
accepted for a sample. Only valid in Prometheus versions 2.27.0
and newer.
format: int64
type: integer
labelValueLengthLimit:
description: Per-scrape limit on length of labels value that will
be accepted for a sample. Only valid in Prometheus versions 2.27.0
and newer.
format: int64
type: integer
namespaceSelector:
description: Selector to select which namespaces the Kubernetes Endpoints
objects are discovered from.
properties:
any:
description: Boolean describing whether all namespaces are selected
in contrast to a list restricting them.
type: boolean
matchNames:
description: List of namespace names.
items:
type: string
type: array
type: object
podTargetLabels:
description: PodTargetLabels transfers labels on the Kubernetes `Pod`
onto the created metrics.
items:
type: string
type: array
sampleLimit:
description: SampleLimit defines per-scrape limit on number of scraped
samples that will be accepted.
format: int64
type: integer
selector:
description: Selector to select Endpoints objects.
properties:
matchExpressions:
description: matchExpressions is a list of label selector requirements.
The requirements are ANDed.
items:
description: A label selector requirement is a selector that
contains values, a key, and an operator that relates the key
and values.
properties:
key:
description: key is the label key that the selector applies
to.
type: string
operator:
description: operator represents a key's relationship to
a set of values. Valid operators are In, NotIn, Exists
and DoesNotExist.
type: string
values:
description: values is an array of string values. If the
operator is In or NotIn, the values array must be non-empty.
If the operator is Exists or DoesNotExist, the values
array must be empty. This array is replaced during a strategic
merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of {key,value} pairs. A single
{key,value} in the matchLabels map is equivalent to an element
of matchExpressions, whose key field is "key", the operator
is "In", and the values array contains only "value". The requirements
are ANDed.
type: object
type: object
targetLabels:
description: TargetLabels transfers labels from the Kubernetes `Service`
onto the created metrics. All labels set in `selector.matchLabels`
are automatically transferred.
items:
type: string
type: array
targetLimit:
description: TargetLimit defines a limit on the number of scraped
targets that will be accepted.
format: int64
type: integer
required:
- endpoints
- selector
type: object
required:
- spec
type: object
served: true
storage: true
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []

6036
core/prometheus/1.1.73/crds/crd-thanosrulers.yaml
View File

File diff suppressed because it is too large Load Diff

353
core/prometheus/1.1.73/helm-values.md
View File

@ -1,353 +0,0 @@
# Default Helm-Values
TrueCharts is primarily build to supply TrueNAS SCALE Apps.
However, we also supply all Apps as standard Helm-Charts. In this document we aim to document the default values in our values.yaml file.
Most of our Apps also consume our "common" Helm Chart.
If this is the case, this means that all values.yaml values are set to the common chart values.yaml by default. This values.yaml file will only contain values that deviate from the common chart.
You will, however, be able to use all values referenced in the common chart here, besides the values listed in this document.
## Values
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| alertmanager.additionalPeers | list | `[]` | |
| alertmanager.affinity | object | `{}` | |
| alertmanager.config.global.resolve_timeout | string | `"5m"` | |
| alertmanager.config.receivers[0].name | string | `"null"` | |
| alertmanager.config.route.group_by[0] | string | `"job"` | |
| alertmanager.config.route.group_interval | string | `"5m"` | |
| alertmanager.config.route.group_wait | string | `"30s"` | |
| alertmanager.config.route.receiver | string | `"null"` | |
| alertmanager.config.route.repeat_interval | string | `"12h"` | |
| alertmanager.config.route.routes[0].match.alertname | string | `"Watchdog"` | |
| alertmanager.config.route.routes[0].receiver | string | `"null"` | |
| alertmanager.configMaps | list | `[]` | |
| alertmanager.configNamespaceSelector | object | `{}` | |
| alertmanager.configSelector | object | `{}` | |
| alertmanager.containerSecurityContext.allowPrivilegeEscalation | bool | `false` | |
| alertmanager.containerSecurityContext.capabilities.drop[0] | string | `"ALL"` | |
| alertmanager.containerSecurityContext.enabled | bool | `true` | |
| alertmanager.containerSecurityContext.readOnlyRootFilesystem | bool | `false` | |
| alertmanager.containerSecurityContext.runAsNonRoot | bool | `true` | |
| alertmanager.containers | list | `[]` | |
| alertmanager.enabled | bool | `true` | |
| alertmanager.externalConfig | bool | `false` | |
| alertmanager.externalUrl | string | `""` | |
| alertmanager.listenLocal | bool | `false` | |
| alertmanager.livenessProbe.enabled | bool | `true` | |
| alertmanager.livenessProbe.failureThreshold | int | `120` | |
| alertmanager.livenessProbe.initialDelaySeconds | int | `0` | |
| alertmanager.livenessProbe.path | string | `"/-/healthy"` | |
| alertmanager.livenessProbe.periodSeconds | int | `5` | |
| alertmanager.livenessProbe.successThreshold | int | `1` | |
| alertmanager.livenessProbe.timeoutSeconds | int | `3` | |
| alertmanager.logFormat | string | `"logfmt"` | |
| alertmanager.logLevel | string | `"info"` | |
| alertmanager.nodeAffinityPreset.key | string | `""` | |
| alertmanager.nodeAffinityPreset.type | string | `""` | |
| alertmanager.nodeAffinityPreset.values | list | `[]` | |
| alertmanager.nodeSelector | object | `{}` | |
| alertmanager.paused | bool | `false` | |
| alertmanager.persistence.accessModes[0] | string | `"ReadWriteOnce"` | |
| alertmanager.persistence.enabled | bool | `true` | |
| alertmanager.persistence.size | string | `"999Gi"` | |
| alertmanager.persistence.storageClass | string | `""` | |
| alertmanager.podAffinityPreset | string | `""` | |
| alertmanager.podAntiAffinityPreset | string | `"soft"` | |
| alertmanager.podDisruptionBudget.enabled | bool | `false` | |
| alertmanager.podDisruptionBudget.maxUnavailable | string | `""` | |
| alertmanager.podDisruptionBudget.minAvailable | int | `1` | |
| alertmanager.podMetadata.annotations | object | `{}` | |
| alertmanager.podMetadata.labels | object | `{}` | |
| alertmanager.podSecurityContext.enabled | bool | `true` | |
| alertmanager.podSecurityContext.fsGroup | int | `1001` | |
| alertmanager.podSecurityContext.runAsUser | int | `1001` | |
| alertmanager.portName | string | `"alertmanager"` | |
| alertmanager.priorityClassName | string | `""` | |
| alertmanager.readinessProbe.enabled | bool | `true` | |
| alertmanager.readinessProbe.failureThreshold | int | `120` | |
| alertmanager.readinessProbe.initialDelaySeconds | int | `0` | |
| alertmanager.readinessProbe.path | string | `"/-/ready"` | |
| alertmanager.readinessProbe.periodSeconds | int | `5` | |
| alertmanager.readinessProbe.successThreshold | int | `1` | |
| alertmanager.readinessProbe.timeoutSeconds | int | `3` | |
| alertmanager.replicaCount | int | `1` | |
| alertmanager.resources | object | `{}` | |
| alertmanager.retention | string | `"240h"` | |
| alertmanager.routePrefix | string | `"/"` | |
| alertmanager.secrets | list | `[]` | |
| alertmanager.serviceAccount.create | bool | `true` | |
| alertmanager.serviceAccount.name | string | `""` | |
| alertmanager.serviceMonitor.enabled | bool | `true` | |
| alertmanager.serviceMonitor.interval | string | `""` | |
| alertmanager.serviceMonitor.metricRelabelings | list | `[]` | |
| alertmanager.serviceMonitor.relabelings | list | `[]` | |
| alertmanager.storageSpec | object | `{}` | |
| alertmanager.tolerations | list | `[]` | |
| alertmanager.volumeMounts | list | `[]` | |
| alertmanager.volumes | list | `[]` | |
| alertmanagerImage.repository | string | `"tccr.io/truecharts/alertmanager"` | |
| alertmanagerImage.tag | string | `"v0.23.0@sha256:15bc2c7be2c7c4ad497849abb0e95c30804727de68a0e9c93597b01aaf79b8bc"` | |
| coreDns.enabled | bool | `true` | |
| coreDns.namespace | string | `"kube-system"` | |
| coreDns.service.enabled | bool | `true` | |
| coreDns.service.port | int | `9153` | |
| coreDns.service.selector | object | `{}` | |
| coreDns.service.targetPort | int | `9153` | |
| coreDns.serviceMonitor.interval | string | `""` | |
| coreDns.serviceMonitor.metricRelabelings | list | `[]` | |
| coreDns.serviceMonitor.relabelings | list | `[]` | |
| envValueFrom.PROMETHEUS_CONFIG_RELOADER.configMapKeyRef.key | string | `"prometheus-config-reloader"` | |
| envValueFrom.PROMETHEUS_CONFIG_RELOADER.configMapKeyRef.name | string | `"prometheus-operator-config"` | |
| exporters.kube-state-metrics.enabled | bool | `true` | |
| exporters.node-exporter.enabled | bool | `true` | |
| global.labels | object | `{}` | |
| image.repository | string | `"tccr.io/truecharts/prometheus-operator"` | |
| image.tag | string | `"v0.54.1@sha256:7e13e152e1cc2bf2d7067d232fe1eb10087ba4471a70637fa7082839d2118e6c"` | |
| ingress.alertmanager.enabled | bool | `false` | |
| ingress.main.enabled | bool | `false` | |
| ingress.thanos.enabled | bool | `false` | |
| kube-state-metrics.serviceMonitor.enabled | bool | `true` | |
| kube-state-metrics.serviceMonitor.honorLabels | bool | `true` | |
| kubeApiServer.enabled | bool | `true` | |
| kubeApiServer.serviceMonitor.interval | string | `""` | |
| kubeApiServer.serviceMonitor.metricRelabelings | list | `[]` | |
| kubeApiServer.serviceMonitor.relabelings | list | `[]` | |
| kubeControllerManager.enabled | bool | `false` | |
| kubeControllerManager.endpoints | list | `[]` | |
| kubeControllerManager.namespace | string | `"kube-system"` | |
| kubeControllerManager.service.enabled | bool | `true` | |
| kubeControllerManager.service.port | int | `10252` | |
| kubeControllerManager.service.selector | object | `{}` | |
| kubeControllerManager.service.targetPort | int | `10252` | |
| kubeControllerManager.serviceMonitor.https | bool | `false` | |
| kubeControllerManager.serviceMonitor.insecureSkipVerify | string | `""` | |
| kubeControllerManager.serviceMonitor.interval | string | `""` | |
| kubeControllerManager.serviceMonitor.metricRelabelings | list | `[]` | |
| kubeControllerManager.serviceMonitor.relabelings | list | `[]` | |
| kubeControllerManager.serviceMonitor.serverName | string | `""` | |
| kubeProxy.enabled | bool | `false` | |
| kubeScheduler.enabled | bool | `false` | |
| kubeScheduler.endpoints | list | `[]` | |
| kubeScheduler.namespace | string | `"kube-system"` | |
| kubeScheduler.service.enabled | bool | `true` | |
| kubeScheduler.service.port | int | `10251` | |
| kubeScheduler.service.selector | object | `{}` | |
| kubeScheduler.service.targetPort | int | `10251` | |
| kubeScheduler.serviceMonitor.https | bool | `false` | |
| kubeScheduler.serviceMonitor.insecureSkipVerify | string | `""` | |
| kubeScheduler.serviceMonitor.interval | string | `""` | |
| kubeScheduler.serviceMonitor.metricRelabelings | list | `[]` | |
| kubeScheduler.serviceMonitor.relabelings | list | `[]` | |
| kubeScheduler.serviceMonitor.serverName | string | `""` | |
| kubelet.enabled | bool | `true` | |
| kubelet.namespace | string | `"kube-system"` | |
| kubelet.serviceMonitor.cAdvisorMetricRelabelings | list | `[]` | |
| kubelet.serviceMonitor.cAdvisorRelabelings | list | `[]` | |
| kubelet.serviceMonitor.https | bool | `true` | |
| kubelet.serviceMonitor.interval | string | `""` | |
| kubelet.serviceMonitor.metricRelabelings | list | `[]` | |
| kubelet.serviceMonitor.relabelings | list | `[]` | |
| node-exporter.extraArgs."collector.filesystem.ignored-fs-types" | string | `"^(autofs|binfmt_misc|cgroup|configfs|debugfs|devpts|devtmpfs|fusectl|hugetlbfs|mqueue|overlay|proc|procfs|pstore|rpc_pipefs|securityfs|sysfs|tracefs)$"` | |
| node-exporter.extraArgs."collector.filesystem.ignored-mount-points" | string | `"^/(dev|proc|sys|var/lib/docker/.+)($|/)"` | |
| node-exporter.service.labels.jobLabel | string | `"node-exporter"` | |
| node-exporter.service.port | int | `9910` | |
| node-exporter.service.targetPort | int | `9910` | |
| node-exporter.serviceMonitor.enabled | bool | `true` | |
| node-exporter.serviceMonitor.jobLabel | string | `"jobLabel"` | |
| operator.configReloaderResources | object | `{}` | |
| operator.enabled | bool | `true` | |
| operator.kubeletService.enabled | bool | `true` | |
| operator.kubeletService.namespace | string | `"kube-system"` | |
| operator.logFormat | string | `"logfmt"` | |
| operator.logLevel | string | `"info"` | |
| operator.prometheusConfigReloader.containerSecurityContext.allowPrivilegeEscalation | bool | `false` | |
| operator.prometheusConfigReloader.containerSecurityContext.capabilities.drop[0] | string | `"ALL"` | |
| operator.prometheusConfigReloader.containerSecurityContext.enabled | bool | `true` | |
| operator.prometheusConfigReloader.containerSecurityContext.readOnlyRootFilesystem | bool | `false` | |
| operator.prometheusConfigReloader.containerSecurityContext.runAsNonRoot | bool | `true` | |
| operator.prometheusConfigReloader.livenessProbe.enabled | bool | `true` | |
| operator.prometheusConfigReloader.livenessProbe.failureThreshold | int | `6` | |
| operator.prometheusConfigReloader.livenessProbe.initialDelaySeconds | int | `10` | |
| operator.prometheusConfigReloader.livenessProbe.periodSeconds | int | `10` | |
| operator.prometheusConfigReloader.livenessProbe.successThreshold | int | `1` | |
| operator.prometheusConfigReloader.livenessProbe.timeoutSeconds | int | `5` | |
| operator.prometheusConfigReloader.readinessProbe.enabled | bool | `true` | |
| operator.prometheusConfigReloader.readinessProbe.failureThreshold | int | `6` | |
| operator.prometheusConfigReloader.readinessProbe.initialDelaySeconds | int | `15` | |
| operator.prometheusConfigReloader.readinessProbe.periodSeconds | int | `20` | |
| operator.prometheusConfigReloader.readinessProbe.successThreshold | int | `1` | |
| operator.prometheusConfigReloader.readinessProbe.timeoutSeconds | int | `5` | |
| operator.serviceMonitor.enabled | bool | `true` | |
| operator.serviceMonitor.interval | string | `""` | |
| operator.serviceMonitor.metricRelabelings | list | `[]` | |
| operator.serviceMonitor.relabelings | list | `[]` | |
| probes.liveness | object | See below | Liveness probe configuration |
| probes.readiness | object | See below | Redainess probe configuration |
| probes.startup | object | See below | Startup probe configuration |
| prometheus.additionalAlertRelabelConfigsExternal.enabled | bool | `false` | |
| prometheus.additionalAlertRelabelConfigsExternal.key | string | `""` | |
| prometheus.additionalAlertRelabelConfigsExternal.name | string | `""` | |
| prometheus.additionalPrometheusRules | list | `[]` | |
| prometheus.additionalScrapeConfigs.enabled | bool | `false` | |
| prometheus.additionalScrapeConfigs.external.key | string | `""` | |
| prometheus.additionalScrapeConfigs.external.name | string | `""` | |
| prometheus.additionalScrapeConfigs.internal.jobList | list | `[]` | |
| prometheus.additionalScrapeConfigs.type | string | `"external"` | |
| prometheus.additionalScrapeConfigsExternal.enabled | bool | `false` | |
| prometheus.additionalScrapeConfigsExternal.key | string | `""` | |
| prometheus.additionalScrapeConfigsExternal.name | string | `""` | |
| prometheus.affinity | object | `{}` | |
| prometheus.alertingEndpoints | list | `[]` | |
| prometheus.configMaps | list | `[]` | |
| prometheus.containerSecurityContext.allowPrivilegeEscalation | bool | `false` | |
| prometheus.containerSecurityContext.capabilities.drop[0] | string | `"ALL"` | |
| prometheus.containerSecurityContext.enabled | bool | `true` | |
| prometheus.containerSecurityContext.readOnlyRootFilesystem | bool | `false` | |
| prometheus.containerSecurityContext.runAsNonRoot | bool | `true` | |
| prometheus.containers | list | `[]` | |
| prometheus.disableCompaction | bool | `false` | |
| prometheus.enableAdminAPI | bool | `false` | |
| prometheus.enableFeatures | list | `[]` | |
| prometheus.enabled | bool | `true` | |
| prometheus.evaluationInterval | string | `""` | |
| prometheus.externalLabels | object | `{}` | |
| prometheus.externalUrl | string | `""` | |
| prometheus.listenLocal | bool | `false` | |
| prometheus.livenessProbe.enabled | bool | `true` | |
| prometheus.livenessProbe.failureThreshold | int | `10` | |
| prometheus.livenessProbe.initialDelaySeconds | int | `0` | |
| prometheus.livenessProbe.path | string | `"/-/healthy"` | |
| prometheus.livenessProbe.periodSeconds | int | `10` | |
| prometheus.livenessProbe.successThreshold | int | `1` | |
| prometheus.livenessProbe.timeoutSeconds | int | `3` | |
| prometheus.logFormat | string | `"logfmt"` | |
| prometheus.logLevel | string | `"info"` | |
| prometheus.matchLabels | object | `{}` | |
| prometheus.nodeAffinityPreset.key | string | `""` | |
| prometheus.nodeAffinityPreset.type | string | `""` | |
| prometheus.nodeAffinityPreset.values | list | `[]` | |
| prometheus.nodeSelector | object | `{}` | |
| prometheus.paused | bool | `false` | |
| prometheus.persistence.accessModes[0] | string | `"ReadWriteOnce"` | |
| prometheus.persistence.enabled | bool | `true` | |
| prometheus.persistence.size | string | `"999Gi"` | |
| prometheus.persistence.storageClass | string | `""` | |
| prometheus.podAffinityPreset | string | `""` | |
| prometheus.podAntiAffinityPreset | string | `"soft"` | |
| prometheus.podMetadata.annotations | object | `{}` | |
| prometheus.podMetadata.labels | object | `{}` | |
| prometheus.podMonitorNamespaceSelector | object | `{}` | |
| prometheus.podMonitorSelector | object | `{}` | |
| prometheus.podSecurityContext.enabled | bool | `true` | |
| prometheus.podSecurityContext.fsGroup | int | `1001` | |
| prometheus.podSecurityContext.runAsUser | int | `1001` | |
| prometheus.portName | string | `"main"` | |
| prometheus.priorityClassName | string | `""` | |
| prometheus.probeNamespaceSelector | object | `{}` | |
| prometheus.probeSelector | object | `{}` | |
| prometheus.prometheusExternalLabelName | string | `""` | |
| prometheus.prometheusExternalLabelNameClear | bool | `false` | |
| prometheus.querySpec | object | `{}` | |
| prometheus.readinessProbe.enabled | bool | `true` | |
| prometheus.readinessProbe.failureThreshold | int | `10` | |
| prometheus.readinessProbe.initialDelaySeconds | int | `0` | |
| prometheus.readinessProbe.path | string | `"/-/ready"` | |
| prometheus.readinessProbe.periodSeconds | int | `10` | |
| prometheus.readinessProbe.successThreshold | int | `1` | |
| prometheus.readinessProbe.timeoutSeconds | int | `3` | |
| prometheus.remoteRead | list | `[]` | |
| prometheus.remoteWrite | list | `[]` | |
| prometheus.replicaCount | int | `1` | |
| prometheus.replicaExternalLabelName | string | `""` | |
| prometheus.replicaExternalLabelNameClear | bool | `false` | |
| prometheus.resources | object | `{}` | |
| prometheus.retention | string | `"31d"` | |
| prometheus.retentionSize | string | `""` | |
| prometheus.routePrefix | string | `"/"` | |
| prometheus.ruleNamespaceSelector | object | `{}` | |
| prometheus.ruleSelector | object | `{}` | |
| prometheus.scrapeInterval | string | `""` | |
| prometheus.secrets | list | `[]` | |
| prometheus.serviceAccount.annotations | object | `{}` | |
| prometheus.serviceAccount.create | bool | `true` | |
| prometheus.serviceAccount.name | string | `""` | |
| prometheus.serviceMonitor.enabled | bool | `true` | |
| prometheus.serviceMonitor.interval | string | `""` | |
| prometheus.serviceMonitor.metricRelabelings | list | `[]` | |
| prometheus.serviceMonitor.relabelings | list | `[]` | |
| prometheus.serviceMonitorNamespaceSelector | object | `{}` | |
| prometheus.serviceMonitorSelector | object | `{}` | |
| prometheus.storageSpec | object | `{}` | |
| prometheus.thanos.containerSecurityContext.allowPrivilegeEscalation | bool | `false` | |
| prometheus.thanos.containerSecurityContext.capabilities.drop[0] | string | `"ALL"` | |
| prometheus.thanos.containerSecurityContext.enabled | bool | `true` | |
| prometheus.thanos.containerSecurityContext.readOnlyRootFilesystem | bool | `false` | |
| prometheus.thanos.containerSecurityContext.runAsNonRoot | bool | `true` | |
| prometheus.thanos.create | bool | `false` | |
| prometheus.thanos.extraArgs | list | `[]` | |
| prometheus.thanos.extraVolumeMounts | list | `[]` | |
| prometheus.thanos.livenessProbe.enabled | bool | `true` | |
| prometheus.thanos.livenessProbe.failureThreshold | int | `120` | |
| prometheus.thanos.livenessProbe.initialDelaySeconds | int | `0` | |
| prometheus.thanos.livenessProbe.path | string | `"/-/healthy"` | |
| prometheus.thanos.livenessProbe.periodSeconds | int | `5` | |
| prometheus.thanos.livenessProbe.successThreshold | int | `1` | |
| prometheus.thanos.livenessProbe.timeoutSeconds | int | `3` | |
| prometheus.thanos.objectStorageConfig | object | `{}` | |
| prometheus.thanos.prometheusUrl | string | `""` | |
| prometheus.thanos.readinessProbe.enabled | bool | `true` | |
| prometheus.thanos.readinessProbe.failureThreshold | int | `120` | |
| prometheus.thanos.readinessProbe.initialDelaySeconds | int | `0` | |
| prometheus.thanos.readinessProbe.path | string | `"/-/ready"` | |
| prometheus.thanos.readinessProbe.periodSeconds | int | `5` | |
| prometheus.thanos.readinessProbe.successThreshold | int | `1` | |
| prometheus.thanos.readinessProbe.timeoutSeconds | int | `3` | |
| prometheus.thanos.resources.limits | object | `{}` | |
| prometheus.thanos.resources.requests | object | `{}` | |
| prometheus.thanos.service.annotations | object | `{}` | |
| prometheus.thanos.service.clusterIP | string | `"None"` | |
| prometheus.thanos.service.extraPorts | list | `[]` | |
| prometheus.thanos.service.loadBalancerIP | string | `""` | |
| prometheus.thanos.service.loadBalancerSourceRanges | list | `[]` | |
| prometheus.thanos.service.nodePort | string | `""` | |
| prometheus.thanos.service.port | int | `10901` | |
| prometheus.thanos.service.type | string | `"ClusterIP"` | |
| prometheus.tolerations | list | `[]` | |
| prometheus.volumeMounts | list | `[]` | |
| prometheus.volumes | list | `[]` | |
| prometheus.walCompression | bool | `false` | |
| prometheusImage.repository | string | `"tccr.io/truecharts/prometheus"` | |
| prometheusImage.tag | string | `"v2.33.4@sha256:da73415d33ce2c2c653ac96737b48b4cf3a357d6b8655fd35b89438357e56b3a"` | |
| rbac | object | `{"enabled":true,"rules":[{"apiGroups":["apiextensions.k8s.io"],"resources":["customresourcedefinitions"],"verbs":["create"]},{"apiGroups":["apiextensions.k8s.io"],"resourceNames":["alertmanagers.monitoring.coreos.com","podmonitors.monitoring.coreos.com","prometheuses.monitoring.coreos.com","prometheusrules.monitoring.coreos.com","servicemonitors.monitoring.coreos.com","thanosrulers.monitoring.coreos.com","probes.monitoring.coreos.com"],"resources":["customresourcedefinitions"],"verbs":["get","update"]},{"apiGroups":["monitoring.coreos.com"],"resources":["alertmanagers","alertmanagers/finalizers","alertmanagerconfigs","prometheuses","prometheuses/finalizers","thanosrulers","thanosrulers/finalizers","servicemonitors","podmonitors","probes","prometheusrules"],"verbs":["*"]},{"apiGroups":["apps"],"resources":["statefulsets"],"verbs":["*"]},{"apiGroups":[""],"resources":["configmaps","secrets"],"verbs":["*"]},{"apiGroups":[""],"resources":["pods"],"verbs":["list","delete"]},{"apiGroups":[""],"resources":["services","services/finalizers","endpoints"],"verbs":["get","create","update","delete"]},{"apiGroups":[""],"resources":["nodes"],"verbs":["list","watch"]},{"apiGroups":[""],"resources":["namespaces"],"verbs":["get","list","watch"]},{"apiGroups":["networking.k8s.io"],"resources":["ingresses"],"verbs":["get","list","watch"]}]}` | Whether Role Based Access Control objects like roles and rolebindings should be created |
| securityContext.readOnlyRootFilesystem | bool | `false` | |
| service.alertmanager.enabled | bool | `true` | |
| service.alertmanager.ports.alertmanager.enabled | bool | `true` | |
| service.alertmanager.ports.alertmanager.port | int | `10087` | |
| service.alertmanager.ports.alertmanager.protocol | string | `"HTTP"` | |
| service.alertmanager.ports.alertmanager.targetPort | int | `9093` | |
| service.alertmanager.selector."app.kubernetes.io/name" | string | `"alertmanager"` | |
| service.alertmanager.selector.alertmanager | string | `"{{ template \"kube-prometheus.alertmanager.fullname\" . }}"` | |
| service.main.ports.main.port | int | `10086` | |
| service.main.ports.main.protocol | string | `"HTTP"` | |
| service.main.ports.main.targetPort | int | `9090` | |
| service.main.selector."app.kubernetes.io/name" | string | `"prometheus"` | |
| service.main.selector.prometheus | string | `"{{ template \"kube-prometheus.prometheus.fullname\" . }}"` | |
| service.promop.enabled | bool | `true` | |
| service.promop.ports.promop.enabled | bool | `true` | |
| service.promop.ports.promop.port | int | `10089` | |
| service.promop.ports.promop.protocol | string | `"HTTP"` | |
| service.promop.ports.promop.targetPort | int | `8080` | |
| service.thanos.enabled | bool | `true` | |
| service.thanos.ports.thanos.enabled | bool | `true` | |
| service.thanos.ports.thanos.port | int | `10901` | |
| service.thanos.ports.thanos.protocol | string | `"HTTP"` | |
| service.thanos.ports.thanos.targetPort | int | `10901` | |
| service.thanos.selector."app.kubernetes.io/name" | string | `"prometheus"` | |
| service.thanos.selector.prometheus | string | `"{{ template \"kube-prometheus.prometheus.fullname\" . }}"` | |
| serviceAccount | object | `{"create":true}` | The service account the pods will use to interact with the Kubernetes API |
| thanosImage.repository | string | `"tccr.io/truecharts/thanos"` | |
| thanosImage.tag | string | `"v0.24.0@sha256:876fbb5c2c5a24a04081d44af2bd9ef5a276f82c95081f6ab57d121a4a93c8a9"` | |
All Rights Reserved - The TrueCharts Project

1381
core/prometheus/1.1.73/ix_values.yaml
View File

File diff suppressed because it is too large Load Diff

1635
core/prometheus/1.1.73/questions.yaml
View File

File diff suppressed because it is too large Load Diff

815
core/prometheus/1.1.73/security.md
View File

File diff suppressed because one or more lines are too long

198
core/prometheus/1.1.73/templates/_helpers.tpl
View File

@ -1,198 +0,0 @@
{{/* Name suffixed with operator */}}
{{- define "kube-prometheus.fullname" -}}
{{- printf "%s" (include "common.names.fullname" . ) -}}
{{- end }}
{{/* Name suffixed with operator */}}
{{- define "kube-prometheus.name" -}}
{{- printf "%s" (include "common.names.fullname" . ) -}}
{{- end }}
{{/* Name suffixed with operator */}}
{{- define "kube-prometheus.operator.name" -}}
{{- printf "%s-operator" (include "common.names.fullname" . ) -}}
{{- end }}
{{/* Name suffixed with prometheus */}}
{{- define "kube-prometheus.prometheus.name" -}}
{{- printf "%s-prometheus" (include "common.names.fullname" . ) -}}
{{- end }}
{{/* Name suffixed with alertmanager */}}
{{- define "kube-prometheus.alertmanager.name" -}}
{{- printf "%s-alertmanager" (include "common.names.fullname" . ) -}}
{{- end }}
{{/* Name suffixed with thanos */}}
{{- define "kube-prometheus.thanos.name" -}}
{{- printf "%s-thanos" (include "common.names.fullname" . ) -}}
{{- end }}
{{/* Fullname suffixed with operator */}}
{{- define "kube-prometheus.operator.fullname" -}}
{{- printf "%s-operator" (include "common.names.fullname" . ) -}}
{{- end }}
{{/* Fullname suffixed with prometheus */}}
{{- define "kube-prometheus.prometheus.fullname" -}}
{{- printf "%s-prometheus" (include "common.names.fullname" . ) -}}
{{- end }}
{{/* Fullname suffixed with alertmanager */}}
{{- define "kube-prometheus.alertmanager.fullname" -}}
{{- printf "%s-alertmanager" (include "common.names.fullname" . ) -}}
{{- end }}
{{/* Fullname suffixed with thanos */}}
{{- define "kube-prometheus.thanos.fullname" -}}
{{- printf "%s-thanos" (include "kube-prometheus.prometheus.fullname" .) -}}
{{- end }}
{{- define "kube-prometheus.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Common Labels
*/}}
{{- define "kube-prometheus.labels" -}}
{{ include "common.labels" . }}
{{- if .Values.global.labels }}
{{ toYaml .Values.global.labels }}
{{- end }}
{{- end -}}
{{/*
Labels for operator
*/}}
{{- define "kube-prometheus.operator.labels" -}}
{{ include "common.labels" . }}
app.kubernetes.io/component: operator
{{- end -}}
{{/*
Labels for prometheus
*/}}
{{- define "kube-prometheus.prometheus.labels" -}}
{{ include "common.labels" . }}
app.kubernetes.io/component: prometheus
{{- end -}}
{{/*
Labels for alertmanager
*/}}
{{- define "kube-prometheus.alertmanager.labels" -}}
{{ include "common.labels" . }}
app.kubernetes.io/component: alertmanager
{{- end -}}
{{/*
matchLabels for operator
*/}}
{{- define "kube-prometheus.operator.matchLabels" -}}
{{ include "common.labels.selectorLabels" . }}
app.kubernetes.io/component: operator
{{- end -}}
{{/*
matchLabels for prometheus
*/}}
{{- define "kube-prometheus.prometheus.matchLabels" -}}
{{ include "common.labels.selectorLabels" . }}
app.kubernetes.io/component: prometheus
{{- end -}}
{{/*
matchLabels for alertmanager
*/}}
{{- define "kube-prometheus.alertmanager.matchLabels" -}}
{{ include "common.labels.selectorLabels" . }}
app.kubernetes.io/component: alertmanager
{{- end -}}
{{/*
Return the proper Prometheus Operator image name
*/}}
{{- define "kube-prometheus.image" -}}
{{ printf "%s:%s" .Values.image.repository (default .Chart.AppVersion .Values.image.tag) | quote }}
{{- end -}}
{{/*
Return the proper Prometheus Operator Reloader image name
*/}}
{{- define "kube-prometheus.prometheusConfigReloader.image" -}}
{{- include "kube-prometheus.image" . -}}
{{- end -}}
{{/*
Return the proper Prometheus Image name
*/}}
{{- define "kube-prometheus.prometheus.image" -}}
{{ printf "%s:%s" .Values.prometheusImage.repository (default .Chart.AppVersion .Values.prometheusImage.tag) | quote }}
{{- end -}}
{{/*
Return the proper Thanos Image name
*/}}
{{- define "kube-prometheus.prometheus.thanosImage" -}}
{{ printf "%s:%s" .Values.thanosImage.repository (default .Chart.AppVersion .Values.thanosImage.tag) | quote }}
{{- end -}}
{{/*
Return the proper Alertmanager Image name
*/}}
{{- define "kube-prometheus.alertmanager.image" -}}
{{ printf "%s:%s" .Values.alertmanagerImage.repository (default .Chart.AppVersion .Values.alertmanagerImage.tag) | quote }}
{{- end -}}
{{/*
Return the proper Docker Image Registry Secret Names
*/}}
{{- define "kube-prometheus.imagePullSecrets" -}}
{{- end -}}
{{/*
Create the name of the operator service account to use
*/}}
{{- define "kube-prometheus.operator.serviceAccountName" -}}
{{- if .Values.operator.serviceAccount.create -}}
{{ default (include "kube-prometheus.operator.fullname" .) .Values.operator.serviceAccount.name }}
{{- else -}}
{{ default "default" .Values.operator.serviceAccount.name }}
{{- end -}}
{{- end -}}
{{/*
Create the name of the prometheus service account to use
*/}}
{{- define "kube-prometheus.prometheus.serviceAccountName" -}}
{{- if .Values.prometheus.serviceAccount.create -}}
{{ default (include "kube-prometheus.prometheus.fullname" .) .Values.prometheus.serviceAccount.name }}
{{- else -}}
{{ default "default" .Values.prometheus.serviceAccount.name }}
{{- end -}}
{{- end -}}
{{/*
Create the name of the alertmanager service account to use
*/}}
{{- define "kube-prometheus.alertmanager.serviceAccountName" -}}
{{- if .Values.alertmanager.serviceAccount.create -}}
{{ default (include "kube-prometheus.alertmanager.fullname" .) .Values.alertmanager.serviceAccount.name }}
{{- else -}}
{{ default "default" .Values.alertmanager.serviceAccount.name }}
{{- end -}}
{{- end -}}
{{/*
Compile all warnings into a single message, and call fail.
*/}}
{{- define "kube-prometheus.validateValues" -}}
{{- $messages := list -}}
{{- $messages := without $messages "" -}}
{{- $message := join "\n" $messages -}}
{{- if $message -}}
{{- printf "\nVALUES VALIDATION:\n%s" $message | fail -}}
{{- end -}}
{{- end -}}

183
core/prometheus/1.1.73/templates/alertmanager/_alertmanager.tpl
View File

@ -1,183 +0,0 @@
{{- define "prometheus.alertmanager.alertmanager" -}}
{{- if .Values.alertmanager.enabled }}
---
apiVersion: monitoring.coreos.com/v1
kind: Alertmanager
metadata:
name: {{ template "kube-prometheus.alertmanager.fullname" . }}
namespace: {{ .Release.Namespace }}
labels: {{- include "kube-prometheus.alertmanager.labels" . | nindent 4 }}
spec:
replicas: {{ .Values.alertmanager.replicaCount }}
serviceAccountName: {{ template "kube-prometheus.alertmanager.serviceAccountName" . }}
{{- if .Values.alertmanager.image }}
image: {{ template "kube-prometheus.alertmanager.image" . }}
{{- end }}
listenLocal: {{ .Values.alertmanager.listenLocal }}
{{- if index .Values.alertmanager "externalUrl" }}
externalUrl: "{{ .Values.alertmanager.externalUrl }}"
{{- else if and .Values.ingress.alertmanager.enabled .Values.ingress.alertmanager.hosts }}
externalUrl: {{ if .Values.ingress.alertmanager.tls }}https{{else}}http{{ end }}://{{ (index .Values.ingress.alertmanager.hosts 0).name }}{{ .Values.alertmanager.routePrefix }}
{{- else }}
externalUrl: http://{{ template "kube-prometheus.alertmanager.fullname" . }}.{{ .Release.Namespace }}:{{ .Values.service.alertmanager.ports.alertmanager.port }}{{ .Values.alertmanager.routePrefix }}
{{- end }}
portName: "{{ .Values.alertmanager.portName }}"
paused: {{ .Values.alertmanager.paused }}
logFormat: {{ .Values.alertmanager.logFormat }}
logLevel: {{ .Values.alertmanager.logLevel }}
retention: {{ .Values.alertmanager.retention }}
{{- if .Values.alertmanager.secrets }}
secrets: {{- include "common.tplvalues.render" (dict "value" .Values.alertmanager.secrets "context" $) | nindent 4 }}
{{- end }}
{{- if .Values.alertmanager.configMaps }}
configMaps: {{- include "common.tplvalues.render" (dict "value" .Values.alertmanager.configMaps "context" $) | nindent 4 }}
{{- end }}
resources: {{- toYaml .Values.alertmanager.resources | nindent 4 }}
routePrefix: "{{ .Values.alertmanager.routePrefix }}"
{{- if .Values.alertmanager.podSecurityContext.enabled }}
securityContext: {{- omit .Values.alertmanager.podSecurityContext "enabled" | toYaml | nindent 4 }}
{{- end }}
{{- if .Values.alertmanager.storageSpec }}
storage: {{- include "common.tplvalues.render" (dict "value" .Values.alertmanager.storageSpec "context" $) | nindent 4 }}
{{- else }}
{{- if .Values.alertmanager.persistence.enabled }}
storage:
volumeClaimTemplate:
spec:
accessModes:
{{- range .Values.alertmanager.persistence.accessModes }}
- {{ . | quote }}
{{- end }}
resources:
requests:
storage: {{ .Values.alertmanager.persistence.size | quote }}
{{- include "common.storage.class" (dict "persistence" .Values.alertmanager.persistence "global" $ ) | nindent 8 }}
{{- end }}
{{- end }}
{{- if or .Values.alertmanager.podMetadata.labels .Values.alertmanager.podMetadata.annotations (eq .Values.alertmanager.podAntiAffinityPreset "soft") (eq .Values.alertmanager.podAntiAffinityPreset "hard") }}
podMetadata:
labels:
{{- if .Values.alertmanager.podMetadata.labels }}
{{- include "common.tplvalues.render" (dict "value" .Values.alertmanager.podMetadata.labels "context" $) | nindent 6 }}
{{- end }}
{{- if or (eq .Values.alertmanager.podAntiAffinityPreset "soft") (eq .Values.alertmanager.podAntiAffinityPreset "hard") }}
{{- include "kube-prometheus.alertmanager.matchLabels" . | nindent 6 }}
{{- end }}
{{- if .Values.alertmanager.podMetadata.annotations }}
annotations:
{{- include "common.tplvalues.render" (dict "value" .Values.alertmanager.podMetadata.annotations "context" $) | nindent 6 }}
{{- end }}
{{- end }}
{{- if .Values.alertmanager.affinity }}
affinity: {{- include "common.tplvalues.render" (dict "value" .Values.alertmanager.affinity "context" $) | nindent 4 }}
{{- else }}
affinity:
{{- if not (empty .Values.alertmanager.podAffinityPreset) }}
podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.alertmanager.podAffinityPreset "component" "alertmanager" "context" $) | nindent 6 }}
{{- end }}
{{- if not (empty .Values.alertmanager.podAntiAffinityPreset) }}
podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.alertmanager.podAntiAffinityPreset "component" "alertmanager" "context" $) | nindent 6 }}
{{- end }}
{{- if not (empty .Values.alertmanager.nodeAffinityPreset.values) }}
nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.alertmanager.nodeAffinityPreset.type "key" .Values.alertmanager.nodeAffinityPreset.key "values" .Values.alertmanager.nodeAffinityPreset.values) | nindent 6 }}
{{- end }}
{{- end }}
{{- if .Values.alertmanager.nodeSelector }}
nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.alertmanager.nodeSelector "context" $) | nindent 4 }}
{{- end }}
{{- if .Values.alertmanager.tolerations }}
tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.alertmanager.tolerations "context" $) | nindent 4 }}
{{- end }}
{{- if .Values.alertmanager.volumes }}
volumes: {{- include "common.tplvalues.render" (dict "value" .Values.alertmanager.volumes "context" $) | nindent 4 }}
{{- end }}
{{- if .Values.alertmanager.volumeMounts }}
volumeMounts: {{- include "common.tplvalues.render" (dict "value" .Values.alertmanager.volumeMounts "context" $) | nindent 4 }}
{{- end }}
{{- include "kube-prometheus.imagePullSecrets" . | indent 2 }}
{{- if or .Values.alertmanager.containers .Values.alertmanager.containerSecurityContext.enabled .Values.operator.prometheusConfigReloader.containerSecurityContext.enabled }}
containers:
{{- if or .Values.alertmanager.containerSecurityContext.enabled .Values.alertmanager.livenessProbe.enabled .Values.alertmanager.readinessProbe.enabled }}
## This monkey patching is needed until the securityContexts are
## directly patchable via the CRD.
## ref: https://github.com/prometheus-operator/prometheus-operator/issues/3947
## currently implemented with strategic merge
## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/user-guides/strategic-merge-patch.md
- name: alertmanager
{{- if .Values.alertmanager.containerSecurityContext.enabled }}
securityContext: {{- omit .Values.alertmanager.containerSecurityContext "enabled" | toYaml | nindent 8 }}
{{- end }}
{{- if .Values.alertmanager.livenessProbe.enabled }}
livenessProbe:
httpGet:
path: {{ .Values.alertmanager.livenessProbe.path }}
port: alertmanager
scheme: HTTP
initialDelaySeconds: {{ .Values.alertmanager.livenessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.alertmanager.livenessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.alertmanager.livenessProbe.timeoutSeconds }}
failureThreshold: {{ .Values.alertmanager.livenessProbe.failureThreshold }}
successThreshold: {{ .Values.alertmanager.livenessProbe.successThreshold }}
{{- end }}
{{- if .Values.alertmanager.readinessProbe.enabled }}
readinessProbe:
httpGet:
path: {{ .Values.alertmanager.readinessProbe.path }}
port: alertmanager
scheme: HTTP
initialDelaySeconds: {{ .Values.alertmanager.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.alertmanager.readinessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.alertmanager.readinessProbe.timeoutSeconds }}
failureThreshold: {{ .Values.alertmanager.readinessProbe.failureThreshold }}
successThreshold: {{ .Values.alertmanager.readinessProbe.successThreshold }}
{{- end }}
{{- end }}
{{- if or .Values.operator.prometheusConfigReloader.containerSecurityContext.enabled .Values.operator.prometheusConfigReloader.livenessProbe.enabled .Values.operator.prometheusConfigReloader.readinessProbe.enabled }}
## This monkey patching is needed until the securityContexts are
## directly patchable via the CRD.
## ref: https://github.com/prometheus-operator/prometheus-operator/issues/3947
## currently implemented with strategic merge
## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/user-guides/strategic-merge-patch.md
- name: config-reloader
{{- if .Values.operator.prometheusConfigReloader.containerSecurityContext.enabled }}
securityContext: {{- omit .Values.operator.prometheusConfigReloader.containerSecurityContext "enabled" | toYaml | nindent 8 }}
{{- end }}
{{- if .Values.operator.prometheusConfigReloader.livenessProbe.enabled }}
livenessProbe:
tcpSocket:
port: reloader-web
initialDelaySeconds: {{ .Values.operator.prometheusConfigReloader.livenessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.operator.prometheusConfigReloader.livenessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.operator.prometheusConfigReloader.livenessProbe.timeoutSeconds }}
failureThreshold: {{ .Values.operator.prometheusConfigReloader.livenessProbe.failureThreshold }}
successThreshold: {{ .Values.operator.prometheusConfigReloader.livenessProbe.successThreshold }}
{{- end }}
{{- if .Values.operator.prometheusConfigReloader.readinessProbe.enabled }}
readinessProbe:
tcpSocket:
port: reloader-web
initialDelaySeconds: {{ .Values.operator.prometheusConfigReloader.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.operator.prometheusConfigReloader.readinessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.operator.prometheusConfigReloader.readinessProbe.timeoutSeconds }}
failureThreshold: {{ .Values.operator.prometheusConfigReloader.readinessProbe.failureThreshold }}
successThreshold: {{ .Values.operator.prometheusConfigReloader.readinessProbe.successThreshold }}
{{- end }}
{{- end }}
{{- if .Values.alertmanager.containers }}
{{- include "common.tplvalues.render" (dict "value" .Values.alertmanager.containers "context" $) | nindent 4 }}
{{- end }}
{{- end }}
{{- if .Values.alertmanager.priorityClassName }}
priorityClassName: {{ .Values.alertmanager.priorityClassName }}
{{- end }}
{{- if .Values.alertmanager.additionalPeers }}
additionalPeers: {{ .Values.alertmanager.additionalPeers }}
{{- end }}
{{- if .Values.alertmanager.configNamespaceSelector }}
alertmanagerConfigNamespaceSelector: {{- include "common.tplvalues.render" (dict "value" .Values.alertmanager.configNamespaceSelector "context" $) | nindent 4 }}
{{- end }}
{{- if .Values.alertmanager.configSelector }}
alertmanagerConfigSelector: {{- include "common.tplvalues.render" (dict "value" .Values.alertmanager.configSelector "context" $) | nindent 4 }}
{{- end }}
{{- end }}
{{- end }}

13
core/prometheus/1.1.73/templates/alertmanager/secrets.yaml
View File

@ -1,13 +0,0 @@
{{- if (and .Values.alertmanager.enabled (not .Values.alertmanager.externalConfig) ) }}
apiVersion: v1
kind: Secret
metadata:
name: alertmanager-{{ template "kube-prometheus.alertmanager.fullname" . }}
namespace: {{ .Release.Namespace }}
labels: {{- include "kube-prometheus.alertmanager.labels" . | nindent 4 }}
data:
alertmanager.yaml: {{ toYaml .Values.alertmanager.config | b64enc | quote }}
{{- range $key, $val := .Values.alertmanager.templateFiles }}
{{ $key }}: {{ $val | b64enc | quote }}
{{- end }}
{{- end }}

12
core/prometheus/1.1.73/templates/alertmanager/serviceaccount.yaml
View File

@ -1,12 +0,0 @@
{{- if and .Values.alertmanager.enabled .Values.alertmanager.serviceAccount.create }}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ template "kube-prometheus.alertmanager.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
labels: {{- include "kube-prometheus.alertmanager.labels" . | nindent 4 }}
{{- if index .Values.alertmanager.serviceAccount "annotations" }}
annotations: {{- include "common.tplvalues.render" (dict "value" .Values.alertmanager.serviceAccount.annotations "context" $) | nindent 4 }}
{{- end }}
{{- include "kube-prometheus.imagePullSecrets" . }}
{{- end }}

26
core/prometheus/1.1.73/templates/alertmanager/servicemonitor.yaml
View File

@ -1,26 +0,0 @@
{{- if and .Values.alertmanager.enabled .Values.alertmanager.serviceMonitor.enabled }}
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: {{ template "kube-prometheus.alertmanager.fullname" . }}
namespace: {{ .Release.Namespace }}
labels: {{- include "kube-prometheus.alertmanager.labels" . | nindent 4 }}
spec:
selector:
matchLabels: {{- include "kube-prometheus.alertmanager.matchLabels" . | nindent 6 }}
namespaceSelector:
matchNames:
- {{ .Release.Namespace }}
endpoints:
- port: http
{{- if .Values.alertmanager.serviceMonitor.interval }}
interval: {{ .Values.alertmanager.serviceMonitor.interval }}
{{- end }}
path: {{ trimSuffix "/" .Values.alertmanager.routePrefix }}/metrics
{{- if .Values.alertmanager.serviceMonitor.metricRelabelings }}
metricRelabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.alertmanager.serviceMonitor.metricRelabelings "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.alertmanager.serviceMonitor.relabelings }}
relabelings: {{- toYaml .Values.alertmanager.serviceMonitor.relabelings | nindent 8 }}
{{- end }}
{{- end }}

18
core/prometheus/1.1.73/templates/common.yaml
View File

@ -1,18 +0,0 @@
{{/* Make sure all variables are set properly */}}
{{- include "common.setup" . }}
{{- $newArgs := (include "prometheus.operator.args" . | fromYaml) }}
{{- $_ := set .Values "newArgs" $newArgs -}}
{{- $mergedargs := concat .Values.args .Values.newArgs.args }}
{{- $_ := set .Values "args" $mergedargs -}}
{{- include "prometheus.prometheus.prometheus" . }}
{{- include "prometheus.prometheus.additionalprometheusrules" . }}
{{- include "prometheus.prometheus.additionalscrapejobs" . }}
{{- include "prometheus.prometheus.servicemonitor" . }}
{{- include "prometheus.alertmanager.alertmanager" . }}
{{/* Render the templates */}}
{{ include "common.postSetup" . }}

22
core/prometheus/1.1.73/templates/exporters/core-dns/service.yaml
View File

@ -1,22 +0,0 @@
{{- if and .Values.coreDns.enabled .Values.coreDns.service.enabled }}
apiVersion: v1
kind: Service
metadata:
name: {{ template "kube-prometheus.fullname" . }}-coredns
namespace: {{ .Values.coreDns.namespace }}
labels: {{- include "kube-prometheus.labels" . | nindent 4 }}
app.kubernetes.io/component: {{ template "kube-prometheus.fullname" . }}-coredns
spec:
clusterIP: None
ports:
- name: http-metrics
port: {{ .Values.coreDns.service.port }}
protocol: TCP
targetPort: {{ .Values.coreDns.service.targetPort }}
selector:
{{- if .Values.coreDns.service.selector }}
{{ toYaml .Values.coreDns.service.selector | indent 4 }}
{{- else}}
k8s-app: kube-dns
{{- end}}
{{- end }}

29
core/prometheus/1.1.73/templates/exporters/core-dns/servicemonitor.yaml
View File

@ -1,29 +0,0 @@
{{- if .Values.coreDns.enabled }}
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: {{ template "kube-prometheus.fullname" . }}-coredns
namespace: {{ .Release.Namespace }}
labels: {{- include "kube-prometheus.labels" . | nindent 4 }}
app.kubernetes.io/component: {{ template "kube-prometheus.fullname" . }}-coredns
spec:
jobLabel: k8s-app
selector:
matchLabels:
app.kubernetes.io/component: {{ template "kube-prometheus.fullname" . }}-coredns
namespaceSelector:
matchNames:
- {{ .Values.coreDns.namespace }}
endpoints:
- port: http-metrics
{{- if .Values.coreDns.serviceMonitor.interval}}
interval: {{ .Values.coreDns.serviceMonitor.interval }}
{{- end }}
bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
{{- if .Values.coreDns.serviceMonitor.metricRelabelings }}
metricRelabelings: {{- include "common.tplvalues.render" (dict "value" .Values.coreDns.serviceMonitor.metricRelabelings "context" $) | nindent 6 }}
{{- end }}
{{- if .Values.coreDns.serviceMonitor.relabelings }}
relabelings: {{- include "common.tplvalues.render" (dict "value" .Values.coreDns.serviceMonitor.relabelings "context" $) | nindent 6 }}
{{- end }}
{{- end }}

35
core/prometheus/1.1.73/templates/exporters/kube-apiserver/servicemonitor.yaml
View File

@ -1,35 +0,0 @@
{{- if .Values.kubeApiServer.enabled }}
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: {{ template "kube-prometheus.fullname" . }}-apiserver
namespace: {{ .Release.Namespace }}
labels: {{- include "kube-prometheus.labels" . | nindent 4 }}
app.kubernetes.io/component: apiserver
spec:
jobLabel: component
selector:
matchLabels:
component: apiserver
provider: kubernetes
namespaceSelector:
matchNames:
- default
endpoints:
- port: https
scheme: https
tlsConfig:
caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
serverName: kubernetes
insecureSkipVerify: true
bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
{{- if .Values.kubeApiServer.serviceMonitor.interval }}
interval: {{ .Values.kubeApiServer.serviceMonitor.interval }}
{{- end }}
{{- if .Values.kubeApiServer.serviceMonitor.metricRelabelings }}
metricRelabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.kubeApiServer.serviceMonitor.metricRelabelings "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.kubeApiServer.serviceMonitor.relabelings }}
relabelings: {{- toYaml .Values.kubeApiServer.serviceMonitor.relabelings | nindent 8 }}
{{- end }}
{{- end }}

18
core/prometheus/1.1.73/templates/exporters/kube-controller-manager/endpoints.yaml
View File

@ -1,18 +0,0 @@
{{- if and .Values.kubeControllerManager.enabled .Values.kubeControllerManager.endpoints }}
apiVersion: v1
kind: Endpoints
metadata:
name: {{ template "kube-prometheus.fullname" . }}-kube-controller-manager
namespace: {{ .Values.kubeControllerManager.namespace }}
labels: {{- include "kube-prometheus.labels" . | nindent 4 }}
app.kubernetes.io/component: kube-controller-manager
subsets:
- addresses:
{{- range .Values.kubeControllerManager.endpoints }}
- ip: {{ . }}
{{- end }}
ports:
- name: http-metrics
port: {{ .Values.kubeControllerManager.service.port }}
protocol: TCP
{{- end }}

25
core/prometheus/1.1.73/templates/exporters/kube-controller-manager/service.yaml
View File

@ -1,25 +0,0 @@
{{- if and .Values.kubeControllerManager.enabled .Values.kubeControllerManager.service.enabled }}
apiVersion: v1
kind: Service
metadata:
name: {{ template "kube-prometheus.fullname" . }}-kube-controller-manager
namespace: {{ .Values.kubeControllerManager.namespace }}
labels: {{- include "kube-prometheus.labels" . | nindent 4 }}
app.kubernetes.io/component: {{ template "kube-prometheus.fullname" . }}-kube-controller-manager
spec:
clusterIP: None
ports:
- name: http-metrics
port: {{ .Values.kubeControllerManager.service.port }}
protocol: TCP
targetPort: {{ .Values.kubeControllerManager.service.targetPort }}
{{- if .Values.kubeControllerManager.endpoints }}{{- else }}
selector:
{{- if .Values.kubeControllerManager.service.selector }}
{{ toYaml .Values.kubeControllerManager.service.selector | indent 4 }}
{{- else}}
component: kube-controller-manager
{{- end}}
{{- end }}
type: ClusterIP
{{- end }}

40
core/prometheus/1.1.73/templates/exporters/kube-controller-manager/servicemonitor.yaml
View File

@ -1,40 +0,0 @@
{{- if .Values.kubeControllerManager.enabled }}
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: {{ template "kube-prometheus.fullname" . }}-kube-controller-manager
namespace: {{ .Release.Namespace }}
labels: {{- include "kube-prometheus.labels" . | nindent 4 }}
app.kubernetes.io/component: {{ template "kube-prometheus.fullname" . }}-kube-controller-manager
spec:
jobLabel: component
selector:
matchLabels:
app.kubernetes.io/component: {{ template "kube-prometheus.fullname" . }}-kube-controller-manager
namespaceSelector:
matchNames:
- {{ .Values.kubeControllerManager.namespace }}
endpoints:
- port: http-metrics
{{- if .Values.kubeControllerManager.serviceMonitor.interval }}
interval: {{ .Values.kubeControllerManager.serviceMonitor.interval }}
{{- end }}
bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
{{- if .Values.kubeControllerManager.serviceMonitor.https }}
scheme: https
tlsConfig:
caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
{{- if .Values.kubeControllerManager.serviceMonitor.insecureSkipVerify }}
insecureSkipVerify: {{ .Values.kubeControllerManager.serviceMonitor.insecureSkipVerify }}
{{- end }}
{{- if .Values.kubeControllerManager.serviceMonitor.serverName }}
serverName: {{ .Values.kubeControllerManager.serviceMonitor.serverName }}
{{- end }}
{{- end }}
{{- if .Values.kubeControllerManager.serviceMonitor.metricRelabelings }}
metricRelabelings: {{- include "common.tplvalues.render" (dict "value" .Values.kubeControllerManager.serviceMonitor.metricRelabelings "context" $) | nindent 6 }}
{{- end }}
{{- if .Values.kubeControllerManager.serviceMonitor.relabelings }}
relabelings: {{- include "common.tplvalues.render" (dict "value" .Values.kubeControllerManager.serviceMonitor.relabelings "context" $) | nindent 6 }}
{{- end }}
{{- end }}

18
core/prometheus/1.1.73/templates/exporters/kube-scheduler/endpoints.yaml
View File

@ -1,18 +0,0 @@
{{- if and .Values.kubeScheduler.enabled .Values.kubeScheduler.endpoints }}
apiVersion: v1
kind: Endpoints
metadata:
name: {{ template "kube-prometheus.fullname" . }}-kube-scheduler
namespace: {{ .Values.kubeScheduler.namespace }}
labels: {{- include "kube-prometheus.labels" . | nindent 4 }}
app.kubernetes.io/component: kube-scheduler
subsets:
- addresses:
{{- range .Values.kubeScheduler.endpoints }}
- ip: {{ . }}
{{- end }}
ports:
- name: http-metrics
port: {{ .Values.kubeScheduler.service.port }}
protocol: TCP
{{- end }}

25
core/prometheus/1.1.73/templates/exporters/kube-scheduler/service.yaml
View File

@ -1,25 +0,0 @@
{{- if and .Values.kubeScheduler.enabled .Values.kubeScheduler.service.enabled }}
apiVersion: v1
kind: Service
metadata:
name: {{ template "kube-prometheus.fullname" . }}-kube-scheduler
namespace: {{ .Values.kubeScheduler.namespace }}
labels: {{- include "kube-prometheus.labels" . | nindent 4 }}
app.kubernetes.io/component: {{ template "kube-prometheus.fullname" . }}-kube-scheduler
spec:
clusterIP: None
ports:
- name: http-metrics
port: {{ .Values.kubeScheduler.service.port}}
protocol: TCP
targetPort: {{ .Values.kubeScheduler.service.targetPort}}
{{- if .Values.kubeScheduler.endpoints }}{{- else }}
selector:
{{- if .Values.kubeScheduler.service.selector }}
{{ toYaml .Values.kubeScheduler.service.selector | indent 4 }}
{{- else}}
component: kube-scheduler
{{- end}}
{{- end }}
type: ClusterIP
{{- end -}}

40
core/prometheus/1.1.73/templates/exporters/kube-scheduler/servicemonitor.yaml
View File

@ -1,40 +0,0 @@
{{- if .Values.kubeScheduler.enabled }}
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: {{ template "kube-prometheus.fullname" . }}-kube-scheduler
namespace: {{ .Release.Namespace }}
labels: {{- include "kube-prometheus.labels" . | nindent 4 }}
app.kubernetes.io/component: {{ template "kube-prometheus.fullname" . }}-kube-scheduler
spec:
jobLabel: component
selector:
matchLabels:
app.kubernetes.io/component: {{ template "kube-prometheus.fullname" . }}-kube-scheduler
namespaceSelector:
matchNames:
- {{ .Values.kubeScheduler.namespace }}
endpoints:
- port: http-metrics
{{- if .Values.kubeScheduler.serviceMonitor.interval }}
interval: {{ .Values.kubeScheduler.serviceMonitor.interval }}
{{- end }}
bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
{{- if .Values.kubeScheduler.serviceMonitor.https }}
scheme: https
tlsConfig:
caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
{{- if .Values.kubeScheduler.serviceMonitor.insecureSkipVerify }}
insecureSkipVerify: {{ .Values.kubeScheduler.serviceMonitor.insecureSkipVerify }}
{{- end}}
{{- if .Values.kubeScheduler.serviceMonitor.serverName }}
serverName: {{ .Values.kubeScheduler.serviceMonitor.serverName }}
{{- end}}
{{- end}}
{{- if .Values.kubeScheduler.serviceMonitor.metricRelabelings }}
metricRelabelings: {{- include "common.tplvalues.render" (dict "value" .Values.kubeScheduler.serviceMonitor.metricRelabelings "context" $) | nindent 6 }}
{{- end }}
{{- if .Values.kubeScheduler.serviceMonitor.relabelings }}
metricRelabelings: {{- include "common.tplvalues.render" (dict "value" .Values.kubeScheduler.serviceMonitor.relabelings "context" $) | nindent 6 }}
{{- end }}
{{- end }}

85
core/prometheus/1.1.73/templates/exporters/kubelet/servicemonitor.yaml
View File

@ -1,85 +0,0 @@
{{- if .Values.kubelet.enabled }}
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: {{ template "kube-prometheus.fullname" . }}-kubelet
namespace: {{ .Release.Namespace }}
labels: {{- include "kube-prometheus.labels" . | nindent 4 }}
app.kubernetes.io/component: kubelet
spec:
jobLabel: k8s-app
selector:
matchLabels:
k8s-app: kubelet
namespaceSelector:
matchNames:
- {{ .Values.kubelet.namespace }}
endpoints:
{{- if .Values.kubelet.serviceMonitor.https }}
- port: https-metrics
scheme: https
tlsConfig:
caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
serverName: kubernetes
insecureSkipVerify: true
bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
honorLabels: true
{{- if .Values.kubelet.serviceMonitor.interval }}
interval: {{ .Values.kubelet.serviceMonitor.interval }}
{{- end }}
{{- if .Values.kubelet.serviceMonitor.metricRelabelings }}
metricRelabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.kubelet.serviceMonitor.metricRelabelings "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.kubelet.serviceMonitor.relabelings }}
relabelings: {{- toYaml .Values.kubelet.serviceMonitor.relabelings | nindent 8 }}
{{- end }}
- port: https-metrics
path: /metrics/cadvisor
scheme: https
tlsConfig:
caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
serverName: kubernetes
insecureSkipVerify: true
bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
honorLabels: true
{{- if .Values.kubelet.serviceMonitor.interval }}
interval: {{ .Values.kubelet.serviceMonitor.interval }}
{{- end }}
{{- if .Values.kubelet.serviceMonitor.cAdvisorMetricRelabelings }}
metricRelabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.kubelet.serviceMonitor.cAdvisorMetricRelabelings "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.kubelet.serviceMonitor.cAdvisorRelabelings }}
relabelings: {{- toYaml .Values.kubelet.serviceMonitor.cAdvisorRelabelings | nindent 8 }}
{{- end }}
{{- else }}
- port: http-metrics
scheme: http
tlsConfig:
insecureSkipVerify: false
honorLabels: true
{{- if .Values.kubelet.serviceMonitor.interval }}
interval: {{ .Values.kubelet.serviceMonitor.interval }}
{{- end }}
{{- if .Values.kubelet.serviceMonitor.metricRelabelings }}
metricRelabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.kubelet.serviceMonitor.metricRelabelings "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.kubelet.serviceMonitor.relabelings }}
relabelings: {{- toYaml .Values.kubelet.serviceMonitor.relabelings | nindent 8 }}
{{- end }}
- port: http-metrics
path: /metrics/cadvisor
scheme: http
tlsConfig:
insecureSkipVerify: false
honorLabels: true
{{- if .Values.kubelet.serviceMonitor.interval }}
interval: {{ .Values.kubelet.serviceMonitor.interval }}
{{- end }}
{{- if .Values.kubelet.serviceMonitor.cAdvisorMetricRelabelings }}
metricRelabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.kubelet.serviceMonitor.cAdvisorMetricRelabelings "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.kubelet.serviceMonitor.cAdvisorRelabelings }}
relabelings: {{- toYaml .Values.kubelet.serviceMonitor.cAdvisorRelabelings | nindent 8 }}
{{- end }}
{{- end }}
{{- end }}

31
core/prometheus/1.1.73/templates/operator/_args.tpl
View File

@ -1,31 +0,0 @@
{{/* Define the args */}}
{{- define "prometheus.operator.args" -}}
args:
{{- if .Values.operator.kubeletService.enabled }}
- --kubelet-service={{ .Values.operator.kubeletService.namespace }}/{{ template "kube-prometheus.fullname" . }}-kubelet
{{- end }}
{{- if .Values.operator.logFormat }}
- --log-format={{ .Values.operator.logFormat }}
{{- end }}
{{- if .Values.operator.logLevel }}
- --log-level={{ .Values.operator.logLevel }}
{{- end }}
- --localhost=127.0.0.1
- --prometheus-config-reloader=$(PROMETHEUS_CONFIG_RELOADER)
{{- if .Values.operator.configReloaderResources.requests }}
{{- if .Values.operator.configReloaderResources.requests.cpu }}
- --config-reloader-cpu-request={{ .Values.operator.configReloaderResources.requests.cpu }}
{{- end }}
{{- if .Values.operator.configReloaderResources.requests.memory }}
- --config-reloader-memory-request={{ .Values.operator.configReloaderResources.requests.memory }}
{{- end }}
{{- end }}
{{- if .Values.operator.configReloaderResources.limits }}
{{- if .Values.operator.configReloaderResources.limits.cpu }}
- --config-reloader-cpu-limit={{ .Values.operator.configReloaderResources.limits.cpu }}
{{- end }}
{{- if .Values.operator.configReloaderResources.limits.memory }}
- --config-reloader-memory-limit={{ .Values.operator.configReloaderResources.limits.memory }}
{{- end }}
{{- end }}
{{- end -}}

9
core/prometheus/1.1.73/templates/operator/configmap.yaml
View File

@ -1,9 +0,0 @@
{{- if .Values.operator.enabled }}
apiVersion: v1
kind: ConfigMap
metadata:
name: prometheus-operator-config
labels: {{- include "kube-prometheus.operator.labels" . | nindent 4 }}
data:
prometheus-config-reloader: {{ template "kube-prometheus.prometheusConfigReloader.image" . }}
{{- end }}

25
core/prometheus/1.1.73/templates/operator/servicemonitor.yaml
View File

@ -1,25 +0,0 @@
{{- if and .Values.operator.enabled .Values.operator.serviceMonitor.enabled }}
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: {{ template "kube-prometheus.operator.fullname" . }}
labels: {{- include "kube-prometheus.operator.labels" . | nindent 4 }}
spec:
endpoints:
- port: http
honorLabels: true
{{- if .Values.operator.serviceMonitor.interval }}
interval: {{ .Values.operator.serviceMonitor.interval }}
{{- end }}
{{- if .Values.operator.serviceMonitor.metricRelabelings }}
metricRelabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.operator.serviceMonitor.metricRelabelings "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.operator.serviceMonitor.relabelings }}
relabelings: {{- toYaml .Values.operator.serviceMonitor.relabelings | nindent 8 }}
{{- end }}
selector:
matchLabels: {{- include "kube-prometheus.operator.matchLabels" . | nindent 6 }}
namespaceSelector:
matchNames:
- {{ .Release.Namespace }}
{{- end }}

15
core/prometheus/1.1.73/templates/prometheus/_additionalPrometheusRules.tpl
View File

@ -1,15 +0,0 @@
{{- define "prometheus.prometheus.additionalprometheusrules" -}}
{{- if and .Values.prometheus.enabled .Values.prometheus.additionalPrometheusRules}}
{{- range .Values.prometheus.additionalPrometheusRules }}
---
apiVersion: monitoring.coreos.com/v1
kind: PrometheusRule
metadata:
name: {{ template "kube-prometheus.name" $ }}-{{ .name }}
namespace: {{ $.Release.Namespace }}
labels: {{ include "kube-prometheus.prometheus.labels" $ | nindent 4 }}
spec:
groups: {{- toYaml .groups | nindent 4 }}
{{- end }}
{{- end }}
{{- end }}

13
core/prometheus/1.1.73/templates/prometheus/_additionalScrapeJobs.tpl
View File

@ -1,13 +0,0 @@
{{- define "prometheus.prometheus.additionalscrapejobs" -}}
{{- if (and .Values.prometheus.additionalScrapeConfigs.enabled (eq .Values.prometheus.additionalScrapeConfigs.type "internal") ) }}
--
apiVersion: v1
kind: Secret
metadata:
name: additional-scrape-jobs-{{ template "kube-prometheus.prometheus.fullname" . }}
namespace: {{ .Release.Namespace }}
labels: {{- include "kube-prometheus.prometheus.labels" . | nindent 4 }}
data:
scrape-jobs.yaml: {{ include "common.tplvalues.render" ( dict "value" .Values.prometheus.additionalScrapeConfigs.internal.jobList "context" $ ) | b64enc | quote }}
{{- end }}
{{- end }}

361
core/prometheus/1.1.73/templates/prometheus/_prometheus.tpl
View File

@ -1,361 +0,0 @@
{{- define "prometheus.prometheus.prometheus" -}}
{{- if .Values.prometheus.enabled }}
---
apiVersion: monitoring.coreos.com/v1
kind: Prometheus
metadata:
name: {{ template "kube-prometheus.prometheus.fullname" . }}
namespace: {{ .Release.Namespace }}
labels: {{- include "kube-prometheus.prometheus.labels" . | nindent 4 }}
spec:
replicas: {{ .Values.prometheus.replicaCount }}
serviceAccountName: {{ template "kube-prometheus.prometheus.serviceAccountName" . }}
{{- if .Values.prometheus.serviceMonitorSelector }}
serviceMonitorSelector: {{- include "common.tplvalues.render" (dict "value" .Values.prometheus.serviceMonitorSelector "context" $) | nindent 4 }}
{{- else }}
serviceMonitorSelector: {}
{{- end }}
{{- if .Values.prometheus.podMonitorSelector }}
podMonitorSelector: {{- include "common.tplvalues.render" (dict "value" .Values.prometheus.podMonitorSelector "context" $) | nindent 4 }}
{{- else }}
podMonitorSelector: {}
{{- end }}
{{- if .Values.prometheus.probeSelector }}
probeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.prometheus.probeSelector "context" $) | nindent 4 }}
{{- else }}
probeSelector: {}
{{- end }}
alerting:
alertmanagers:
{{- if .Values.prometheus.alertingEndpoints }}
{{- include "common.tplvalues.render" (dict "value" .Values.prometheus.alertingEndpoints "context" $) | nindent 6 }}
{{- else if .Values.alertmanager.enabled }}
- namespace: {{ .Release.Namespace }}
name: {{ template "kube-prometheus.alertmanager.fullname" . }}
port: http
pathPrefix: "{{ .Values.alertmanager.routePrefix }}"
{{- else }}
[]
{{- end }}
{{- if .Values.prometheus.image }}
image: {{ template "kube-prometheus.prometheus.image" . }}
{{- end }}
{{- if .Values.prometheus.externalLabels }}
externalLabels: {{- include "common.tplvalues.render" (dict "value" .Values.prometheus.externalLabels "context" $) | nindent 4 }}
{{- end }}
{{- if .Values.prometheus.prometheusExternalLabelNameClear }}
prometheusExternalLabelName: ""
{{- else if .Values.prometheus.prometheusExternalLabelName }}
prometheusExternalLabelName: "{{ .Values.prometheus.prometheusExternalLabelName }}"
{{- end }}
{{- if .Values.prometheus.replicaExternalLabelNameClear }}
replicaExternalLabelName: ""
{{- else if .Values.prometheus.replicaExternalLabelName }}
replicaExternalLabelName: "{{ .Values.prometheus.replicaExternalLabelName }}"
{{- end }}
{{- if index .Values.prometheus "externalUrl" }}
externalUrl: "{{ .Values.prometheus.externalUrl }}"
{{- else if and .Values.ingress.main.enabled .Values.ingress.main.hosts }}
externalUrl: {{ if .Values.ingress.main.tls }}https{{else}}http{{ end }}://{{ (index .Values.ingress.main.hosts 0).name }}{{ .Values.prometheus.routePrefix }}
{{- else }}
externalUrl: http://{{ template "kube-prometheus.prometheus.fullname" . }}.{{ .Release.Namespace }}:9090{{ .Values.prometheus.routePrefix }}
{{- end }}
paused: {{ .Values.prometheus.paused }}
logLevel: {{ .Values.prometheus.logLevel }}
logFormat: {{ .Values.prometheus.logFormat }}
listenLocal: {{ .Values.prometheus.listenLocal }}
enableAdminAPI: {{ .Values.prometheus.enableAdminAPI }}
{{- if .Values.prometheus.enableFeatures }}
enableFeatures:
{{- range .Values.prometheus.enableFeatures }}
- {{ . | quote }}
{{- end }}
{{- end }}
{{- if .Values.prometheus.scrapeInterval }}
scrapeInterval: {{ .Values.prometheus.scrapeInterval }}
{{- end }}
{{- if .Values.prometheus.evaluationInterval }}
evaluationInterval: {{ .Values.prometheus.evaluationInterval }}
{{- end }}
{{- if .Values.prometheus.resources }}
resources: {{- toYaml .Values.prometheus.resources | nindent 4 }}
{{- end }}
retention: {{ .Values.prometheus.retention }}
{{- if .Values.prometheus.retentionSize }}
retentionSize: {{ .Values.prometheus.retentionSize }}
{{- end }}
{{- if .Values.prometheus.disableCompaction }}
disableCompaction: {{ .Values.prometheus.disableCompaction }}
{{- end }}
{{- if .Values.prometheus.walCompression }}
walCompression: {{ .Values.prometheus.walCompression }}
{{- end }}
portName: "{{ .Values.prometheus.portName }}"
routePrefix: "{{ .Values.prometheus.routePrefix }}"
{{- if .Values.prometheus.secrets }}
secrets: {{- include "common.tplvalues.render" (dict "value" .Values.prometheus.secrets "context" $) | nindent 4 }}
{{- end }}
{{- if .Values.prometheus.configMaps }}
configMaps: {{- include "common.tplvalues.render" (dict "value" .Values.prometheus.configMaps "context" $) | nindent 4 }}
{{- end }}
{{- if .Values.prometheus.serviceMonitorNamespaceSelector }}
serviceMonitorNamespaceSelector: {{- include "common.tplvalues.render" (dict "value" .Values.prometheus.serviceMonitorNamespaceSelector "context" $) | nindent 4 }}
{{- else }}
serviceMonitorNamespaceSelector: {}
{{- end }}
{{- if .Values.prometheus.podMonitorNamespaceSelector }}
podMonitorNamespaceSelector: {{- include "common.tplvalues.render" (dict "value" .Values.prometheus.podMonitorNamespaceSelector "context" $) | nindent 4 }}
{{- else }}
podMonitorNamespaceSelector: {}
{{- end }}
{{- if .Values.prometheus.probeNamespaceSelector }}
probeNamespaceSelector: {{- include "common.tplvalues.render" (dict "value" .Values.prometheus.probeNamespaceSelector "context" $) | nindent 4 }}
{{- else }}
probeNamespaceSelector: {}
{{- end }}
{{- if .Values.prometheus.remoteRead }}
remoteRead: {{- include "common.tplvalues.render" (dict "value" .Values.prometheus.remoteRead "context" $) | nindent 4 }}
{{- end }}
{{- if .Values.prometheus.remoteWrite }}
remoteWrite: {{- include "common.tplvalues.render" (dict "value" .Values.prometheus.remoteWrite "context" $) | nindent 4 }}
{{- end }}
{{- if .Values.prometheus.podSecurityContext.enabled }}
securityContext: {{- omit .Values.prometheus.podSecurityContext "enabled" | toYaml | nindent 4 }}
{{- end }}
{{- if .Values.prometheus.ruleNamespaceSelector }}
ruleNamespaceSelector: {{- include "common.tplvalues.render" (dict "value" .Values.prometheus.ruleNamespaceSelector "context" $) | nindent 4 }}
{{- else }}
ruleNamespaceSelector: {}
{{- end }}
{{- if .Values.prometheus.ruleSelector }}
ruleSelector: {{- include "common.tplvalues.render" (dict "value" .Values.prometheus.ruleSelector "context" $) | nindent 4 }}
{{- else }}
ruleSelector: {}
{{- end }}
{{- if .Values.prometheus.storageSpec }}
storage: {{- include "common.tplvalues.render" (dict "value" .Values.prometheus.storageSpec "context" $) | nindent 4 }}
{{- else if .Values.prometheus.persistence.enabled }}
storage:
volumeClaimTemplate:
spec:
accessModes:
{{- range .Values.prometheus.persistence.accessModes }}
- {{ . | quote }}
{{- end }}
resources:
requests:
storage: {{ .Values.prometheus.persistence.size | quote }}
{{- include "common.storage.class" (dict "persistence" .Values.prometheus.persistence "global" $ ) | nindent 8 }}
{{- end }}
{{- if or .Values.prometheus.podMetadata.labels .Values.prometheus.podMetadata.annotations (eq .Values.prometheus.podAntiAffinityPreset "soft") (eq .Values.prometheus.podAntiAffinityPreset "hard") }}
podMetadata:
labels:
{{- if .Values.prometheus.podMetadata.labels }}
{{- include "common.tplvalues.render" (dict "value" .Values.prometheus.podMetadata.labels "context" $) | nindent 6 }}
{{- end }}
{{- if or (eq .Values.prometheus.podAntiAffinityPreset "soft") (eq .Values.prometheus.podAntiAffinityPreset "hard") }}
{{- include "kube-prometheus.prometheus.matchLabels" . | nindent 6 }}
{{- end }}
{{- if .Values.prometheus.podMetadata.annotations }}
annotations:
{{- include "common.tplvalues.render" (dict "value" .Values.prometheus.podMetadata.annotations "context" $) | nindent 6 }}
{{- end }}
{{- end }}
{{- if .Values.prometheus.querySpec }}
query: {{- include "common.tplvalues.render" (dict "value" .Values.prometheus.querySpec "context" $) | nindent 4 }}
{{- end }}
{{- if .Values.prometheus.affinity }}
affinity: {{- include "common.tplvalues.render" (dict "value" .Values.prometheus.affinity "context" $) | nindent 4 }}
{{- else }}
affinity:
{{- if not (empty .Values.prometheus.podAffinityPreset) }}
podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.prometheus.podAffinityPreset "component" "prometheus" "context" $) | nindent 6 }}
{{- end }}
{{- if not (empty .Values.prometheus.podAntiAffinityPreset) }}
podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.prometheus.podAntiAffinityPreset "component" "prometheus" "context" $) | nindent 6 }}
{{- end }}
{{- if not (empty .Values.prometheus.nodeAffinityPreset.values) }}
nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.prometheus.nodeAffinityPreset.type "key" .Values.prometheus.nodeAffinityPreset.key "values" .Values.prometheus.nodeAffinityPreset.values) | nindent 6 }}
{{- end }}
{{- end }}
{{- if .Values.prometheus.nodeSelector }}
nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.prometheus.nodeSelector "context" $) | nindent 4 }}
{{- end }}
{{- if .Values.prometheus.tolerations }}
tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.prometheus.tolerations "context" $) | nindent 4 }}
{{- end }}
{{- if .Values.prometheus.volumes }}
volumes: {{- include "common.tplvalues.render" (dict "value" .Values.prometheus.volumes "context" $) | nindent 4 }}
{{- end }}
{{- if .Values.prometheus.volumeMounts }}
volumeMounts: {{- include "common.tplvalues.render" (dict "value" .Values.prometheus.volumeMounts "context" $) | nindent 4 }}
{{- end }}
{{- if or .Values.prometheus.additionalScrapeConfigs.enabled .Values.prometheus.additionalScrapeConfigsExternal.enabled }}
additionalScrapeConfigs:
{{- if and .Values.prometheus.additionalScrapeConfigs.enabled (eq .Values.prometheus.additionalScrapeConfigs.type "external") }}
name: {{ .Values.prometheus.additionalScrapeConfigs.external.name }}
key: {{ .Values.prometheus.additionalScrapeConfigs.external.key }}
{{- else if and .Values.prometheus.additionalScrapeConfigs.enabled (eq .Values.prometheus.additionalScrapeConfigs.type "internal") }}
name: additional-scrape-jobs-{{ template "kube-prometheus.prometheus.fullname" . }}
key: scrape-jobs.yaml
{{- else if and (not .Values.prometheus.additionalScrapeConfigs.enabled) .Values.prometheus.additionalScrapeConfigsExternal.enabled }}
name: {{ .Values.prometheus.additionalScrapeConfigsExternal.name }}
key: {{ .Values.prometheus.additionalScrapeConfigsExternal.key }}
{{- end }}
{{- end }}
{{- if .Values.prometheus.additionalAlertRelabelConfigsExternal.enabled }}
additionalAlertRelabelConfigs:
name: {{ .Values.prometheus.additionalAlertRelabelConfigsExternal.name }}
key: {{ .Values.prometheus.additionalAlertRelabelConfigsExternal.key }}
{{- end }}
{{- include "kube-prometheus.imagePullSecrets" . | indent 2 }}
{{- if or .Values.prometheus.containers .Values.prometheus.thanos.create .Values.prometheus.containerSecurityContext.enabled .Values.prometheus.containerSecurityContext.enabled .Values.operator.prometheusConfigReloader.containerSecurityContext.enabled }}
containers:
{{- if .Values.prometheus.thanos.create }}
- name: thanos-sidecar
image: {{ template "kube-prometheus.prometheus.thanosImage" . }}
imagePullPolicy: {{ .Values.prometheus.thanos.image.pullPolicy }}
args:
- sidecar
- --prometheus.url={{ default "http://localhost:9090" .Values.prometheus.thanos.prometheusUrl }}
- --grpc-address=0.0.0.0:10901
- --http-address=0.0.0.0:10902
- --tsdb.path=/prometheus/
{{- if .Values.prometheus.thanos.objectStorageConfig }}
- --objstore.config=$(OBJSTORE_CONFIG)
{{- end }}
{{- if .Values.prometheus.thanos.extraArgs }}
{{ toYaml .Values.prometheus.thanos.extraArgs | indent 8 | trim }}
{{- end }}
{{- if .Values.prometheus.thanos.objectStorageConfig }}
env:
- name: OBJSTORE_CONFIG
valueFrom:
secretKeyRef:
name: {{ .Values.prometheus.thanos.objectStorageConfig.secretName }}
key: {{ .Values.prometheus.thanos.objectStorageConfig.secretKey | default "thanos.yaml" }}
{{- end }}
{{- if .Values.prometheus.thanos.resources }}
resources: {{- toYaml .Values.prometheus.thanos.resources | nindent 8 }}
{{- end }}
ports:
- name: thanos
containerPort: 10901
protocol: TCP
- name: http
containerPort: 10902
protocol: TCP
volumeMounts:
- mountPath: /prometheus
name: prometheus-{{ template "kube-prometheus.prometheus.fullname" . }}-db
{{- if not (.Values.prometheus.storageSpec.disableMountSubPath | default (not .Values.prometheus.persistence.enabled)) }}
subPath: prometheus-db
{{- end }}
{{- if .Values.prometheus.thanos.extraVolumeMounts }}
{{- include "common.tplvalues.render" (dict "value" .Values.prometheus.thanos.extraVolumeMounts "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.prometheus.thanos.containerSecurityContext.enabled }}
# yamllint disable rule:indentation
securityContext: {{- omit .Values.prometheus.thanos.containerSecurityContext "enabled" | toYaml | nindent 8 }}
# yamllint enable rule:indentation
{{- end }}
{{- if .Values.prometheus.thanos.livenessProbe.enabled }}
livenessProbe:
httpGet:
path: {{ .Values.prometheus.thanos.livenessProbe.path }}
port: http
scheme: HTTP
initialDelaySeconds: {{ .Values.prometheus.thanos.livenessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.prometheus.thanos.livenessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.prometheus.thanos.livenessProbe.timeoutSeconds }}
failureThreshold: {{ .Values.prometheus.thanos.livenessProbe.failureThreshold }}
successThreshold: {{ .Values.prometheus.thanos.livenessProbe.successThreshold }}
{{- end }}
{{- if .Values.prometheus.thanos.readinessProbe.enabled }}
readinessProbe:
httpGet:
path: {{ .Values.prometheus.thanos.readinessProbe.path }}
port: http
scheme: HTTP
initialDelaySeconds: {{ .Values.prometheus.thanos.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.prometheus.thanos.readinessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.prometheus.thanos.readinessProbe.timeoutSeconds }}
failureThreshold: {{ .Values.prometheus.thanos.readinessProbe.failureThreshold }}
successThreshold: {{ .Values.prometheus.thanos.readinessProbe.successThreshold }}
{{- end }}
{{- end }}
{{- if or .Values.prometheus.containerSecurityContext.enabled .Values.prometheus.livenessProbe.enabled .Values.prometheus.readinessProbe.enabled }}
## This monkey patching is needed until the securityContexts are
## directly patchable via the CRD.
## ref: https://github.com/prometheus-operator/prometheus-operator/issues/3947
## currently implemented with strategic merge
## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/user-guides/strategic-merge-patch.md
- name: prometheus
{{- if .Values.prometheus.containerSecurityContext.enabled }}
securityContext: {{- omit .Values.prometheus.containerSecurityContext "enabled" | toYaml | nindent 8 }}
{{- end }}
{{- if .Values.prometheus.livenessProbe.enabled }}
livenessProbe:
httpGet:
path: {{ .Values.prometheus.livenessProbe.path }}
port: main
scheme: HTTP
initialDelaySeconds: {{ .Values.prometheus.livenessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.prometheus.livenessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.prometheus.livenessProbe.timeoutSeconds }}
failureThreshold: {{ .Values.prometheus.livenessProbe.failureThreshold }}
successThreshold: {{ .Values.prometheus.livenessProbe.successThreshold }}
{{- end }}
{{- if .Values.prometheus.readinessProbe.enabled }}
readinessProbe:
httpGet:
path: {{ .Values.prometheus.readinessProbe.path }}
port: main
scheme: HTTP
initialDelaySeconds: {{ .Values.prometheus.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.prometheus.readinessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.prometheus.readinessProbe.timeoutSeconds }}
failureThreshold: {{ .Values.prometheus.readinessProbe.failureThreshold }}
successThreshold: {{ .Values.prometheus.readinessProbe.successThreshold }}
{{- end }}
{{- end }}
{{- if or .Values.operator.prometheusConfigReloader.containerSecurityContext.enabled .Values.operator.prometheusConfigReloader.livenessProbe.enabled .Values.operator.prometheusConfigReloader.readinessProbe.enabled }}
## This monkey patching is needed until the securityContexts are
## directly patchable via the CRD.
## ref: https://github.com/prometheus-operator/prometheus-operator/issues/3947
## currently implemented with strategic merge
## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/user-guides/strategic-merge-patch.md
- name: config-reloader
{{- if .Values.operator.prometheusConfigReloader.containerSecurityContext.enabled }}
securityContext: {{- omit .Values.operator.prometheusConfigReloader.containerSecurityContext "enabled" | toYaml | nindent 8 }}
{{- end }}
{{- if .Values.operator.prometheusConfigReloader.livenessProbe.enabled }}
livenessProbe:
tcpSocket:
port: reloader-web
initialDelaySeconds: {{ .Values.operator.prometheusConfigReloader.livenessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.operator.prometheusConfigReloader.livenessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.operator.prometheusConfigReloader.livenessProbe.timeoutSeconds }}
failureThreshold: {{ .Values.operator.prometheusConfigReloader.livenessProbe.failureThreshold }}
successThreshold: {{ .Values.operator.prometheusConfigReloader.livenessProbe.successThreshold }}
{{- end }}
{{- if .Values.operator.prometheusConfigReloader.readinessProbe.enabled }}
readinessProbe:
tcpSocket:
port: reloader-web
initialDelaySeconds: {{ .Values.operator.prometheusConfigReloader.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.operator.prometheusConfigReloader.readinessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.operator.prometheusConfigReloader.readinessProbe.timeoutSeconds }}
failureThreshold: {{ .Values.operator.prometheusConfigReloader.readinessProbe.failureThreshold }}
successThreshold: {{ .Values.operator.prometheusConfigReloader.readinessProbe.successThreshold }}
{{- end }}
{{- end }}
{{- if .Values.prometheus.containers }}
{{- include "common.tplvalues.render" (dict "value" .Values.prometheus.containers "context" $) | nindent 4 }}
{{- end }}
{{- end }}
{{- if .Values.prometheus.priorityClassName }}
priorityClassName: {{ .Values.prometheus.priorityClassName }}
{{- end }}
{{- end }}
{{- end }}

29
core/prometheus/1.1.73/templates/prometheus/_servicemonitor.tpl
View File

@ -1,29 +0,0 @@
{{- define "prometheus.prometheus.servicemonitor" -}}
{{- if and .Values.prometheus.enabled .Values.prometheus.serviceMonitor.enabled }}
---
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: {{ template "kube-prometheus.prometheus.fullname" . }}
namespace: {{ .Release.Namespace }}
labels: {{- include "kube-prometheus.prometheus.labels" . | nindent 4 }}
spec:
selector:
matchLabels: {{- include "kube-prometheus.prometheus.matchLabels" . | nindent 6 }}
namespaceSelector:
matchNames:
- {{ .Release.Namespace }}
endpoints:
- port: http
{{- if .Values.prometheus.serviceMonitor.interval }}
interval: {{ .Values.prometheus.serviceMonitor.interval }}
{{- end }}
path: {{ trimSuffix "/" .Values.prometheus.routePrefix }}/metrics
{{- if .Values.prometheus.serviceMonitor.metricRelabelings }}
metricRelabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.prometheus.serviceMonitor.metricRelabelings "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.prometheus.serviceMonitor.relabelings }}
relabelings: {{- toYaml .Values.prometheus.serviceMonitor.relabelings | nindent 8 }}
{{- end }}
{{- end }}
{{- end }}

41
core/prometheus/1.1.73/templates/prometheus/clusterrole.yaml
View File

@ -1,41 +0,0 @@
{{- if .Values.prometheus.enabled -}}
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: {{ template "kube-prometheus.prometheus.fullname" . }}
labels: {{- include "kube-prometheus.prometheus.labels" . | nindent 4 }}
rules:
- apiGroups:
- ""
resources:
- nodes/metrics
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- nodes
- nodes/proxy
- services
- endpoints
- pods
verbs:
- "get"
- "list"
- "watch"
- apiGroups:
- extensions
- "networking.k8s.io"
resources:
- ingresses
verbs:
- get
- list
- watch
- nonResourceURLs:
- "/metrics"
verbs:
- "get"
{{- end }}

15
core/prometheus/1.1.73/templates/prometheus/clusterrolebinding.yaml
View File

@ -1,15 +0,0 @@
{{- if .Values.prometheus.enabled }}
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: {{ template "kube-prometheus.prometheus.fullname" . }}
labels: {{- include "kube-prometheus.prometheus.labels" . | nindent 4 }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: {{ template "kube-prometheus.prometheus.fullname" . }}
subjects:
- kind: ServiceAccount
name: {{ template "kube-prometheus.prometheus.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
{{- end }}

12
core/prometheus/1.1.73/templates/prometheus/serviceaccount.yaml
View File

@ -1,12 +0,0 @@
{{- if and .Values.prometheus.enabled .Values.prometheus.serviceAccount.create }}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ template "kube-prometheus.prometheus.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
labels: {{- include "kube-prometheus.prometheus.labels" . | nindent 4 }}
{{- if index .Values.prometheus.serviceAccount "annotations" }}
annotations: {{- include "common.tplvalues.render" (dict "value" .Values.prometheus.serviceAccount.annotations "context" $) | nindent 4 }}
{{- end }}
{{- include "kube-prometheus.imagePullSecrets" . }}
{{- end }}

0
core/prometheus/1.1.73/values.yaml
View File

99
core/traefik/10.0.10/CHANGELOG.md
View File

@ -1,99 +0,0 @@
# Changelog<br>
<a name="traefik-10.0.10"></a>
### [traefik-10.0.10](https://github.com/truecharts/apps/compare/traefik-10.0.9...traefik-10.0.10) (2021-11-14)
#### Chore
* move traefik and k8s gateway to core train
<a name="traefik-10.0.9"></a>
### [traefik-10.0.9](https://github.com/truecharts/apps/compare/traefik-10.0.8...traefik-10.0.9) (2021-11-09)
#### Chore
* update non-major deps helm releases ([#1297](https://github.com/truecharts/apps/issues/1297))
* update non-major ([#1296](https://github.com/truecharts/apps/issues/1296))
<a name="traefik-10.0.8"></a>
### [traefik-10.0.8](https://github.com/truecharts/apps/compare/traefik-10.0.7...traefik-10.0.8) (2021-11-07)
#### Chore
* update non-major deps helm releases ([#1295](https://github.com/truecharts/apps/issues/1295))
<a name="traefik-10.0.6"></a>
### [traefik-10.0.6](https://github.com/truecharts/apps/compare/traefik-10.0.5...traefik-10.0.6) (2021-11-07)
#### Fix
* Don't try to run udp services under SCALE (we don't actively test it anyway)
<a name="traefik-10.0.5"></a>
### [traefik-10.0.5](https://github.com/truecharts/apps/compare/traefik-10.0.4...traefik-10.0.5) (2021-11-07)
#### Chore
* update non-major deps helm releases ([#1291](https://github.com/truecharts/apps/issues/1291))
#### Chore
* Simplify GUI for deployment, persistence and securityContext ([#1289](https://github.com/truecharts/apps/issues/1289))
#### Feat
* Simplify the Services GUI ([#1290](https://github.com/truecharts/apps/issues/1290))
#### Fix
* prevent duplicate port use and fix some questions.yaml mistakes
<a name="traefik-10.0.4"></a>
### [traefik-10.0.4](https://github.com/truecharts/apps/compare/traefik-10.0.3...traefik-10.0.4) (2021-11-02)
#### Chore
* update non-major deps helm releases ([#1267](https://github.com/truecharts/apps/issues/1267))
<a name="traefik-10.0.3"></a>
### [traefik-10.0.3](https://github.com/truecharts/apps/compare/traefik-10.0.2...traefik-10.0.3) (2021-11-01)
#### Chore
* update non-major deps helm releases ([#1264](https://github.com/truecharts/apps/issues/1264))
<a name="traefik-10.0.2"></a>
### [traefik-10.0.2](https://github.com/truecharts/apps/compare/traefik-10.0.1...traefik-10.0.2) (2021-10-26)
#### Chore
* update non-major deps helm releases ([#1245](https://github.com/truecharts/apps/issues/1245))
<a name="traefik-10.0.1"></a>
### [traefik-10.0.1](https://github.com/truecharts/apps/compare/traefik-10.0.0...traefik-10.0.1) (2021-10-26)
#### Chore
* update helm chart common to v8.3.15 ([#1240](https://github.com/truecharts/apps/issues/1240))
<a name="traefik-10.0.0"></a>
### [traefik-10.0.0](https://github.com/truecharts/apps/compare/traefik-9.0.19...traefik-10.0.0) (2021-10-25)

8
core/traefik/10.0.10/CONFIG.md
View File

@ -1,8 +0,0 @@
# Configuration Options
##### Connecting to other apps
If you need to connect this App to other Apps on TrueNAS SCALE, please refer to our "Linking Apps Internally" quick-start guide:
https://truecharts.org/manual/Quick-Start%20Guides/14-linking-apps/
##### Available config options
In the future this page is going to contain an automated list of options available in the installation/edit UI.

6
core/traefik/10.0.10/Chart.lock
View File

@ -1,6 +0,0 @@
dependencies:
- name: common
repository: https://truecharts.org
version: 8.5.6
digest: sha256:c711d63142ad5cb07c166f67914dfd8af0624873e5b4a28e06a758fca11525e8
generated: "2021-11-14T10:46:16.319201197Z"

30
core/traefik/10.0.10/Chart.yaml
View File

@ -1,30 +0,0 @@
apiVersion: v2
appVersion: "2.5.4"
dependencies:
- name: common
repository: https://truecharts.org
version: 8.5.6
deprecated: false
description: Test App for Traefik
home: https://github.com/truecharts/apps/tree/master/charts/stable/traefik
icon: https://raw.githubusercontent.com/traefik/traefik/v2.3/docs/content/assets/img/traefik.logo.png
keywords:
- traefik
- ingress
kubeVersion: '>=1.16.0-0'
maintainers:
- email: info@truecharts.org
name: TrueCharts
url: truecharts.org
name: traefik
sources:
- https://github.com/traefik/traefik
- https://github.com/traefik/traefik-helm-chart
- https://traefik.io/
type: application
version: 10.0.10
annotations:
truecharts.org/catagories: |
- network
truecharts.org/SCALE-support: "true"
truecharts.org/grade: U

39
core/traefik/10.0.10/README.md
View File

@ -1,39 +0,0 @@
# Introduction
Test App for Traefik
TrueCharts are designed to be installed as TrueNAS SCALE app only. We can not guarantee this charts works as a stand-alone helm installation.
**This chart is not maintained by the upstream project and any issues with the chart should be raised [here](https://github.com/truecharts/apps/issues/new/choose)**
## Source Code
* <https://github.com/traefik/traefik>
* <https://github.com/traefik/traefik-helm-chart>
* <https://traefik.io/>
## Requirements
Kubernetes: `>=1.16.0-0`
## Dependencies
| Repository | Name | Version |
|------------|------|---------|
| https://truecharts.org | common | 8.5.6 |
## Installing the Chart
To install this App on TrueNAS SCALE check our [Quick-Start Guide](https://truecharts.org/manual/Quick-Start%20Guides/03-Installing-an-App/).
## Uninstalling the Chart
To remove this App from TrueNAS SCALE check our [Quick-Start Guide](https://truecharts.org/manual/Quick-Start%20Guides/07-Deleting-an-App/).
## Support
- Please check our [quick-start guides](https://truecharts.org/manual/Quick-Start%20Guides/01-Open-Apps/) first.
- See the [Wiki](https://truecharts.org)
- Check our [Discord](https://discord.gg/tVsPTHWTtr)
- Open a [issue](https://github.com/truecharts/apps/issues/new/choose)
---
All Rights Reserved - The TrueCharts Project

3
core/traefik/10.0.10/app-readme.md
View File

@ -1,3 +0,0 @@
Test App for Traefik
This App is supplied by TrueCharts, for more information please visit https://truecharts.org

BIN
core/traefik/10.0.10/charts/common-8.5.6.tgz
View File

Binary file not shown.

198
core/traefik/10.0.10/crds/ingressroute.yaml
View File

@ -1,198 +0,0 @@
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
"helm.sh/resource-policy": keep
"helm.sh/hook": pre-install,pre-upgrade,pre-rollback
controller-gen.kubebuilder.io/version: v0.4.1
creationTimestamp: null
name: ingressroutes.traefik.containo.us
spec:
group: traefik.containo.us
names:
kind: IngressRoute
listKind: IngressRouteList
plural: ingressroutes
singular: ingressroute
scope: Namespaced
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
description: IngressRoute is an Ingress CRD specification.
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: IngressRouteSpec is a specification for a IngressRouteSpec
resource.
properties:
entryPoints:
items:
type: string
type: array
routes:
items:
description: Route contains the set of routes.
properties:
kind:
enum:
- Rule
type: string
match:
type: string
middlewares:
items:
description: MiddlewareRef is a ref to the Middleware resources.
properties:
name:
type: string
namespace:
type: string
required:
- name
type: object
type: array
priority:
type: integer
services:
items:
description: Service defines an upstream to proxy traffic.
properties:
kind:
enum:
- Service
- TraefikService
type: string
name:
description: Name is a reference to a Kubernetes Service
object (for a load-balancer of servers), or to a TraefikService
object (service load-balancer, mirroring, etc). The
differentiation between the two is specified in the
Kind field.
type: string
namespace:
type: string
passHostHeader:
type: boolean
port:
anyOf:
- type: integer
- type: string
x-kubernetes-int-or-string: true
responseForwarding:
description: ResponseForwarding holds configuration for
the forward of the response.
properties:
flushInterval:
type: string
type: object
scheme:
type: string
serversTransport:
type: string
sticky:
description: Sticky holds the sticky configuration.
properties:
cookie:
description: Cookie holds the sticky configuration
based on cookie.
properties:
httpOnly:
type: boolean
name:
type: string
sameSite:
type: string
secure:
type: boolean
type: object
type: object
strategy:
type: string
weight:
description: Weight should only be specified when Name
references a TraefikService object (and to be precise,
one that embeds a Weighted Round Robin).
type: integer
required:
- name
type: object
type: array
required:
- kind
- match
type: object
type: array
tls:
description: "TLS contains the TLS certificates configuration of the
routes. To enable Let's Encrypt, use an empty TLS struct, e.g. in
YAML: \n \t tls: {} # inline format \n \t tls: \t secretName:
# block format"
properties:
certResolver:
type: string
domains:
items:
description: Domain holds a domain name with SANs.
properties:
main:
type: string
sans:
items:
type: string
type: array
type: object
type: array
options:
description: Options is a reference to a TLSOption, that specifies
the parameters of the TLS connection.
properties:
name:
type: string
namespace:
type: string
required:
- name
type: object
secretName:
description: SecretName is the name of the referenced Kubernetes
Secret to specify the certificate details.
type: string
store:
description: Store is a reference to a TLSStore, that specifies
the parameters of the TLS store.
properties:
name:
type: string
namespace:
type: string
required:
- name
type: object
type: object
required:
- routes
type: object
required:
- metadata
- spec
type: object
served: true
storage: true
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []

160
core/traefik/10.0.10/crds/ingressroutetcp.yaml
View File

@ -1,160 +0,0 @@
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
"helm.sh/resource-policy": keep
"helm.sh/hook": pre-install,pre-upgrade,pre-rollback
controller-gen.kubebuilder.io/version: v0.4.1
creationTimestamp: null
name: ingressroutetcps.traefik.containo.us
spec:
group: traefik.containo.us
names:
kind: IngressRouteTCP
listKind: IngressRouteTCPList
plural: ingressroutetcps
singular: ingressroutetcp
scope: Namespaced
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
description: IngressRouteTCP is an Ingress CRD specification.
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: IngressRouteTCPSpec is a specification for a IngressRouteTCPSpec
resource.
properties:
entryPoints:
items:
type: string
type: array
routes:
items:
description: RouteTCP contains the set of routes.
properties:
match:
type: string
middlewares:
description: Middlewares contains references to MiddlewareTCP
resources.
items:
description: ObjectReference is a generic reference to a Traefik
resource.
properties:
name:
type: string
namespace:
type: string
required:
- name
type: object
type: array
services:
items:
description: ServiceTCP defines an upstream to proxy traffic.
properties:
name:
type: string
namespace:
type: string
port:
anyOf:
- type: integer
- type: string
x-kubernetes-int-or-string: true
proxyProtocol:
description: ProxyProtocol holds the ProxyProtocol configuration.
properties:
version:
type: integer
type: object
terminationDelay:
type: integer
weight:
type: integer
required:
- name
- port
type: object
type: array
required:
- match
type: object
type: array
tls:
description: "TLSTCP contains the TLS certificates configuration of
the routes. To enable Let's Encrypt, use an empty TLS struct, e.g.
in YAML: \n \t tls: {} # inline format \n \t tls: \t secretName:
# block format"
properties:
certResolver:
type: string
domains:
items:
description: Domain holds a domain name with SANs.
properties:
main:
type: string
sans:
items:
type: string
type: array
type: object
type: array
options:
description: Options is a reference to a TLSOption, that specifies
the parameters of the TLS connection.
properties:
name:
type: string
namespace:
type: string
required:
- name
type: object
passthrough:
type: boolean
secretName:
description: SecretName is the name of the referenced Kubernetes
Secret to specify the certificate details.
type: string
store:
description: Store is a reference to a TLSStore, that specifies
the parameters of the TLS store.
properties:
name:
type: string
namespace:
type: string
required:
- name
type: object
type: object
required:
- routes
type: object
required:
- metadata
- spec
type: object
served: true
storage: true
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []

84
core/traefik/10.0.10/crds/ingressrouteudp.yaml
View File

@ -1,84 +0,0 @@
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
"helm.sh/resource-policy": keep
"helm.sh/hook": pre-install,pre-upgrade,pre-rollback
controller-gen.kubebuilder.io/version: v0.4.1
creationTimestamp: null
name: ingressrouteudps.traefik.containo.us
spec:
group: traefik.containo.us
names:
kind: IngressRouteUDP
listKind: IngressRouteUDPList
plural: ingressrouteudps
singular: ingressrouteudp
scope: Namespaced
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
description: IngressRouteUDP is an Ingress CRD specification.
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: IngressRouteUDPSpec is a specification for a IngressRouteUDPSpec
resource.
properties:
entryPoints:
items:
type: string
type: array
routes:
items:
description: RouteUDP contains the set of routes.
properties:
services:
items:
description: ServiceUDP defines an upstream to proxy traffic.
properties:
name:
type: string
namespace:
type: string
port:
anyOf:
- type: integer
- type: string
x-kubernetes-int-or-string: true
weight:
type: integer
required:
- name
- port
type: object
type: array
type: object
type: array
required:
- routes
type: object
required:
- metadata
- spec
type: object
served: true
storage: true
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []

563
core/traefik/10.0.10/crds/middlewares.yaml
View File

@ -1,563 +0,0 @@
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
"helm.sh/resource-policy": keep
"helm.sh/hook": pre-install,pre-upgrade,pre-rollback
controller-gen.kubebuilder.io/version: v0.4.1
creationTimestamp: null
name: middlewares.traefik.containo.us
spec:
group: traefik.containo.us
names:
kind: Middleware
listKind: MiddlewareList
plural: middlewares
singular: middleware
scope: Namespaced
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
description: Middleware is a specification for a Middleware resource.
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: MiddlewareSpec holds the Middleware configuration.
properties:
addPrefix:
description: AddPrefix holds the AddPrefix configuration.
properties:
prefix:
type: string
type: object
basicAuth:
description: BasicAuth holds the HTTP basic authentication configuration.
properties:
headerField:
type: string
realm:
type: string
removeHeader:
type: boolean
secret:
type: string
type: object
buffering:
description: Buffering holds the request/response buffering configuration.
properties:
maxRequestBodyBytes:
format: int64
type: integer
maxResponseBodyBytes:
format: int64
type: integer
memRequestBodyBytes:
format: int64
type: integer
memResponseBodyBytes:
format: int64
type: integer
retryExpression:
type: string
type: object
chain:
description: Chain holds a chain of middlewares.
properties:
middlewares:
items:
description: MiddlewareRef is a ref to the Middleware resources.
properties:
name:
type: string
namespace:
type: string
required:
- name
type: object
type: array
type: object
circuitBreaker:
description: CircuitBreaker holds the circuit breaker configuration.
properties:
expression:
type: string
type: object
compress:
description: Compress holds the compress configuration.
properties:
excludedContentTypes:
items:
type: string
type: array
type: object
contentType:
description: ContentType middleware - or rather its unique `autoDetect`
option - specifies whether to let the `Content-Type` header, if
it has not been set by the backend, be automatically set to a value
derived from the contents of the response. As a proxy, the default
behavior should be to leave the header alone, regardless of what
the backend did with it. However, the historic default was to always
auto-detect and set the header if it was nil, and it is going to
be kept that way in order to support users currently relying on
it. This middleware exists to enable the correct behavior until
at least the default one can be changed in a future version.
properties:
autoDetect:
type: boolean
type: object
digestAuth:
description: DigestAuth holds the Digest HTTP authentication configuration.
properties:
headerField:
type: string
realm:
type: string
removeHeader:
type: boolean
secret:
type: string
type: object
errors:
description: ErrorPage holds the custom error page configuration.
properties:
query:
type: string
service:
description: Service defines an upstream to proxy traffic.
properties:
kind:
enum:
- Service
- TraefikService
type: string
name:
description: Name is a reference to a Kubernetes Service object
(for a load-balancer of servers), or to a TraefikService
object (service load-balancer, mirroring, etc). The differentiation
between the two is specified in the Kind field.
type: string
namespace:
type: string
passHostHeader:
type: boolean
port:
anyOf:
- type: integer
- type: string
x-kubernetes-int-or-string: true
responseForwarding:
description: ResponseForwarding holds configuration for the
forward of the response.
properties:
flushInterval:
type: string
type: object
scheme:
type: string
serversTransport:
type: string
sticky:
description: Sticky holds the sticky configuration.
properties:
cookie:
description: Cookie holds the sticky configuration based
on cookie.
properties:
httpOnly:
type: boolean
name:
type: string
sameSite:
type: string
secure:
type: boolean
type: object
type: object
strategy:
type: string
weight:
description: Weight should only be specified when Name references
a TraefikService object (and to be precise, one that embeds
a Weighted Round Robin).
type: integer
required:
- name
type: object
status:
items:
type: string
type: array
type: object
forwardAuth:
description: ForwardAuth holds the http forward authentication configuration.
properties:
address:
type: string
authRequestHeaders:
items:
type: string
type: array
authResponseHeaders:
items:
type: string
type: array
authResponseHeadersRegex:
type: string
tls:
description: ClientTLS holds TLS specific configurations as client.
properties:
caOptional:
type: boolean
caSecret:
type: string
certSecret:
type: string
insecureSkipVerify:
type: boolean
type: object
trustForwardHeader:
type: boolean
type: object
headers:
description: Headers holds the custom header configuration.
properties:
accessControlAllowCredentials:
description: AccessControlAllowCredentials is only valid if true.
false is ignored.
type: boolean
accessControlAllowHeaders:
description: AccessControlAllowHeaders must be used in response
to a preflight request with Access-Control-Request-Headers set.
items:
type: string
type: array
accessControlAllowMethods:
description: AccessControlAllowMethods must be used in response
to a preflight request with Access-Control-Request-Method set.
items:
type: string
type: array
accessControlAllowOriginList:
description: AccessControlAllowOriginList is a list of allowable
origins. Can also be a wildcard origin "*".
items:
type: string
type: array
accessControlAllowOriginListRegex:
description: AccessControlAllowOriginListRegex is a list of allowable
origins written following the Regular Expression syntax (https://golang.org/pkg/regexp/).
items:
type: string
type: array
accessControlExposeHeaders:
description: AccessControlExposeHeaders sets valid headers for
the response.
items:
type: string
type: array
accessControlMaxAge:
description: AccessControlMaxAge sets the time that a preflight
request may be cached.
format: int64
type: integer
addVaryHeader:
description: AddVaryHeader controls if the Vary header is automatically
added/updated when the AccessControlAllowOriginList is set.
type: boolean
allowedHosts:
items:
type: string
type: array
browserXssFilter:
type: boolean
contentSecurityPolicy:
type: string
contentTypeNosniff:
type: boolean
customBrowserXSSValue:
type: string
customFrameOptionsValue:
type: string
customRequestHeaders:
additionalProperties:
type: string
type: object
customResponseHeaders:
additionalProperties:
type: string
type: object
featurePolicy:
type: string
forceSTSHeader:
type: boolean
frameDeny:
type: boolean
hostsProxyHeaders:
items:
type: string
type: array
isDevelopment:
type: boolean
publicKey:
type: string
referrerPolicy:
type: string
sslForceHost:
description: 'Deprecated: use RedirectRegex instead.'
type: boolean
sslHost:
description: 'Deprecated: use RedirectRegex instead.'
type: string
sslProxyHeaders:
additionalProperties:
type: string
type: object
sslRedirect:
description: 'Deprecated: use EntryPoint redirection or RedirectScheme
instead.'
type: boolean
sslTemporaryRedirect:
description: 'Deprecated: use EntryPoint redirection or RedirectScheme
instead.'
type: boolean
stsIncludeSubdomains:
type: boolean
stsPreload:
type: boolean
stsSeconds:
format: int64
type: integer
type: object
inFlightReq:
description: InFlightReq limits the number of requests being processed
and served concurrently.
properties:
amount:
format: int64
type: integer
sourceCriterion:
description: SourceCriterion defines what criterion is used to
group requests as originating from a common source. If none
are set, the default is to use the request's remote address
field. All fields are mutually exclusive.
properties:
ipStrategy:
description: IPStrategy holds the ip strategy configuration.
properties:
depth:
type: integer
excludedIPs:
items:
type: string
type: array
type: object
requestHeaderName:
type: string
requestHost:
type: boolean
type: object
type: object
ipWhiteList:
description: IPWhiteList holds the ip white list configuration.
properties:
ipStrategy:
description: IPStrategy holds the ip strategy configuration.
properties:
depth:
type: integer
excludedIPs:
items:
type: string
type: array
type: object
sourceRange:
items:
type: string
type: array
type: object
passTLSClientCert:
description: PassTLSClientCert holds the TLS client cert headers configuration.
properties:
info:
description: TLSClientCertificateInfo holds the client TLS certificate
info configuration.
properties:
issuer:
description: TLSCLientCertificateDNInfo holds the client TLS
certificate distinguished name info configuration. cf https://tools.ietf.org/html/rfc3739
properties:
commonName:
type: boolean
country:
type: boolean
domainComponent:
type: boolean
locality:
type: boolean
organization:
type: boolean
province:
type: boolean
serialNumber:
type: boolean
type: object
notAfter:
type: boolean
notBefore:
type: boolean
sans:
type: boolean
serialNumber:
type: boolean
subject:
description: TLSCLientCertificateDNInfo holds the client TLS
certificate distinguished name info configuration. cf https://tools.ietf.org/html/rfc3739
properties:
commonName:
type: boolean
country:
type: boolean
domainComponent:
type: boolean
locality:
type: boolean
organization:
type: boolean
province:
type: boolean
serialNumber:
type: boolean
type: object
type: object
pem:
type: boolean
type: object
plugin:
additionalProperties:
x-kubernetes-preserve-unknown-fields: true
type: object
rateLimit:
description: RateLimit holds the rate limiting configuration for a
given router.
properties:
average:
format: int64
type: integer
burst:
format: int64
type: integer
period:
anyOf:
- type: integer
- type: string
x-kubernetes-int-or-string: true
sourceCriterion:
description: SourceCriterion defines what criterion is used to
group requests as originating from a common source. If none
are set, the default is to use the request's remote address
field. All fields are mutually exclusive.
properties:
ipStrategy:
description: IPStrategy holds the ip strategy configuration.
properties:
depth:
type: integer
excludedIPs:
items:
type: string
type: array
type: object
requestHeaderName:
type: string
requestHost:
type: boolean
type: object
type: object
redirectRegex:
description: RedirectRegex holds the redirection configuration.
properties:
permanent:
type: boolean
regex:
type: string
replacement:
type: string
type: object
redirectScheme:
description: RedirectScheme holds the scheme redirection configuration.
properties:
permanent:
type: boolean
port:
type: string
scheme:
type: string
type: object
replacePath:
description: ReplacePath holds the ReplacePath configuration.
properties:
path:
type: string
type: object
replacePathRegex:
description: ReplacePathRegex holds the ReplacePathRegex configuration.
properties:
regex:
type: string
replacement:
type: string
type: object
retry:
description: Retry holds the retry configuration.
properties:
attempts:
type: integer
initialInterval:
anyOf:
- type: integer
- type: string
x-kubernetes-int-or-string: true
type: object
stripPrefix:
description: StripPrefix holds the StripPrefix configuration.
properties:
forceSlash:
type: boolean
prefixes:
items:
type: string
type: array
type: object
stripPrefixRegex:
description: StripPrefixRegex holds the StripPrefixRegex configuration.
properties:
regex:
items:
type: string
type: array
type: object
type: object
required:
- metadata
- spec
type: object
served: true
storage: true
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []

59
core/traefik/10.0.10/crds/middlewarestcp.yaml
View File

@ -1,59 +0,0 @@
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
"helm.sh/resource-policy": keep
"helm.sh/hook": pre-install,pre-upgrade,pre-rollback
controller-gen.kubebuilder.io/version: v0.4.1
creationTimestamp: null
name: middlewaretcps.traefik.containo.us
spec:
group: traefik.containo.us
names:
kind: MiddlewareTCP
listKind: MiddlewareTCPList
plural: middlewaretcps
singular: middlewaretcp
scope: Namespaced
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
description: MiddlewareTCP is a specification for a MiddlewareTCP resource.
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: MiddlewareTCPSpec holds the MiddlewareTCP configuration.
properties:
ipWhiteList:
description: TCPIPWhiteList holds the TCP ip white list configuration.
properties:
sourceRange:
items:
type: string
type: array
type: object
type: object
required:
- metadata
- spec
type: object
served: true
storage: true
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []

101
core/traefik/10.0.10/crds/serverstransports.yaml
View File

@ -1,101 +0,0 @@
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
"helm.sh/resource-policy": keep
"helm.sh/hook": pre-install,pre-upgrade,pre-rollback
controller-gen.kubebuilder.io/version: v0.4.1
creationTimestamp: null
name: serverstransports.traefik.containo.us
spec:
group: traefik.containo.us
names:
kind: ServersTransport
listKind: ServersTransportList
plural: serverstransports
singular: serverstransport
scope: Namespaced
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
description: ServersTransport is a specification for a ServersTransport resource.
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: ServersTransportSpec options to configure communication between
Traefik and the servers.
properties:
certificatesSecrets:
description: Certificates for mTLS.
items:
type: string
type: array
disableHTTP2:
description: Disable HTTP/2 for connections with backend servers.
type: boolean
forwardingTimeouts:
description: Timeouts for requests forwarded to the backend servers.
properties:
dialTimeout:
anyOf:
- type: integer
- type: string
description: The amount of time to wait until a connection to
a backend server can be established. If zero, no timeout exists.
x-kubernetes-int-or-string: true
idleConnTimeout:
anyOf:
- type: integer
- type: string
description: The maximum period for which an idle HTTP keep-alive
connection will remain open before closing itself.
x-kubernetes-int-or-string: true
responseHeaderTimeout:
anyOf:
- type: integer
- type: string
description: The amount of time to wait for a server's response
headers after fully writing the request (including its body,
if any). If zero, no timeout exists.
x-kubernetes-int-or-string: true
type: object
insecureSkipVerify:
description: Disable SSL certificate verification.
type: boolean
maxIdleConnsPerHost:
description: If non-zero, controls the maximum idle (keep-alive) to
keep per-host. If zero, DefaultMaxIdleConnsPerHost is used.
type: integer
rootCAsSecrets:
description: Add cert file for self-signed certificate.
items:
type: string
type: array
serverName:
description: ServerName used to contact the server.
type: string
type: object
required:
- metadata
- spec
type: object
served: true
storage: true
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []

87
core/traefik/10.0.10/crds/tlsoptions.yaml
View File

@ -1,87 +0,0 @@
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
"helm.sh/resource-policy": keep
"helm.sh/hook": pre-install,pre-upgrade,pre-rollback
controller-gen.kubebuilder.io/version: v0.4.1
creationTimestamp: null
name: tlsoptions.traefik.containo.us
spec:
group: traefik.containo.us
names:
kind: TLSOption
listKind: TLSOptionList
plural: tlsoptions
singular: tlsoption
scope: Namespaced
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
description: TLSOption is a specification for a TLSOption resource.
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: TLSOptionSpec configures TLS for an entry point.
properties:
cipherSuites:
items:
type: string
type: array
clientAuth:
description: ClientAuth defines the parameters of the client authentication
part of the TLS connection, if any.
properties:
clientAuthType:
description: ClientAuthType defines the client authentication
type to apply.
enum:
- NoClientCert
- RequestClientCert
- VerifyClientCertIfGiven
- RequireAndVerifyClientCert
type: string
secretNames:
description: SecretName is the name of the referenced Kubernetes
Secret to specify the certificate details.
items:
type: string
type: array
type: object
curvePreferences:
items:
type: string
type: array
maxVersion:
type: string
minVersion:
type: string
preferServerCipherSuites:
type: boolean
sniStrict:
type: boolean
type: object
required:
- metadata
- spec
type: object
served: true
storage: true
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []

64
core/traefik/10.0.10/crds/tlsstores.yaml
View File

@ -1,64 +0,0 @@
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
"helm.sh/resource-policy": keep
"helm.sh/hook": pre-install,pre-upgrade,pre-rollback
controller-gen.kubebuilder.io/version: v0.4.1
creationTimestamp: null
name: tlsstores.traefik.containo.us
spec:
group: traefik.containo.us
names:
kind: TLSStore
listKind: TLSStoreList
plural: tlsstores
singular: tlsstore
scope: Namespaced
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
description: TLSStore is a specification for a TLSStore resource.
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: TLSStoreSpec configures a TLSStore resource.
properties:
defaultCertificate:
description: DefaultCertificate holds a secret name for the TLSOption
resource.
properties:
secretName:
description: SecretName is the name of the referenced Kubernetes
Secret to specify the certificate details.
type: string
required:
- secretName
type: object
required:
- defaultCertificate
type: object
required:
- metadata
- spec
type: object
served: true
storage: true
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []

270
core/traefik/10.0.10/crds/traefikservices.yaml
View File

@ -1,270 +0,0 @@
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
"helm.sh/resource-policy": keep
"helm.sh/hook": pre-install,pre-upgrade,pre-rollback
controller-gen.kubebuilder.io/version: v0.4.1
creationTimestamp: null
name: traefikservices.traefik.containo.us
spec:
group: traefik.containo.us
names:
kind: TraefikService
listKind: TraefikServiceList
plural: traefikservices
singular: traefikservice
scope: Namespaced
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
description: TraefikService is the specification for a service (that an IngressRoute
refers to) that is usually not a terminal service (i.e. not a pod of servers),
as opposed to a Kubernetes Service. That is to say, it usually refers to
other (children) services, which themselves can be TraefikServices or Services.
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: ServiceSpec defines whether a TraefikService is a load-balancer
of services or a mirroring service.
properties:
mirroring:
description: Mirroring defines a mirroring service, which is composed
of a main load-balancer, and a list of mirrors.
properties:
kind:
enum:
- Service
- TraefikService
type: string
maxBodySize:
format: int64
type: integer
mirrors:
items:
description: MirrorService defines one of the mirrors of a Mirroring
service.
properties:
kind:
enum:
- Service
- TraefikService
type: string
name:
description: Name is a reference to a Kubernetes Service
object (for a load-balancer of servers), or to a TraefikService
object (service load-balancer, mirroring, etc). The differentiation
between the two is specified in the Kind field.
type: string
namespace:
type: string
passHostHeader:
type: boolean
percent:
type: integer
port:
anyOf:
- type: integer
- type: string
x-kubernetes-int-or-string: true
responseForwarding:
description: ResponseForwarding holds configuration for
the forward of the response.
properties:
flushInterval:
type: string
type: object
scheme:
type: string
serversTransport:
type: string
sticky:
description: Sticky holds the sticky configuration.
properties:
cookie:
description: Cookie holds the sticky configuration based
on cookie.
properties:
httpOnly:
type: boolean
name:
type: string
sameSite:
type: string
secure:
type: boolean
type: object
type: object
strategy:
type: string
weight:
description: Weight should only be specified when Name references
a TraefikService object (and to be precise, one that embeds
a Weighted Round Robin).
type: integer
required:
- name
type: object
type: array
name:
description: Name is a reference to a Kubernetes Service object
(for a load-balancer of servers), or to a TraefikService object
(service load-balancer, mirroring, etc). The differentiation
between the two is specified in the Kind field.
type: string
namespace:
type: string
passHostHeader:
type: boolean
port:
anyOf:
- type: integer
- type: string
x-kubernetes-int-or-string: true
responseForwarding:
description: ResponseForwarding holds configuration for the forward
of the response.
properties:
flushInterval:
type: string
type: object
scheme:
type: string
serversTransport:
type: string
sticky:
description: Sticky holds the sticky configuration.
properties:
cookie:
description: Cookie holds the sticky configuration based on
cookie.
properties:
httpOnly:
type: boolean
name:
type: string
sameSite:
type: string
secure:
type: boolean
type: object
type: object
strategy:
type: string
weight:
description: Weight should only be specified when Name references
a TraefikService object (and to be precise, one that embeds
a Weighted Round Robin).
type: integer
required:
- name
type: object
weighted:
description: WeightedRoundRobin defines a load-balancer of services.
properties:
services:
items:
description: Service defines an upstream to proxy traffic.
properties:
kind:
enum:
- Service
- TraefikService
type: string
name:
description: Name is a reference to a Kubernetes Service
object (for a load-balancer of servers), or to a TraefikService
object (service load-balancer, mirroring, etc). The differentiation
between the two is specified in the Kind field.
type: string
namespace:
type: string
passHostHeader:
type: boolean
port:
anyOf:
- type: integer
- type: string
x-kubernetes-int-or-string: true
responseForwarding:
description: ResponseForwarding holds configuration for
the forward of the response.
properties:
flushInterval:
type: string
type: object
scheme:
type: string
serversTransport:
type: string
sticky:
description: Sticky holds the sticky configuration.
properties:
cookie:
description: Cookie holds the sticky configuration based
on cookie.
properties:
httpOnly:
type: boolean
name:
type: string
sameSite:
type: string
secure:
type: boolean
type: object
type: object
strategy:
type: string
weight:
description: Weight should only be specified when Name references
a TraefikService object (and to be precise, one that embeds
a Weighted Round Robin).
type: integer
required:
- name
type: object
type: array
sticky:
description: Sticky holds the sticky configuration.
properties:
cookie:
description: Cookie holds the sticky configuration based on
cookie.
properties:
httpOnly:
type: boolean
name:
type: string
sameSite:
type: string
secure:
type: boolean
type: object
type: object
type: object
type: object
required:
- metadata
- spec
type: object
served: true
storage: true
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []

48
core/traefik/10.0.10/helm-values.md
View File

@ -1,48 +0,0 @@
# Default Helm-Values
TrueCharts is primarily build to supply TrueNAS SCALE Apps.
However, we also supply all Apps as standard Helm-Charts. In this document we aim to document the default values in our values.yaml file.
Most of our Apps also consume our "common" Helm Chart.
If this is the case, this means that all values.yaml values are set to the common chart values.yaml by default. This values.yaml file will only contain values that deviate from the common chart.
You will, however, be able to use all values referenced in the common chart here, besides the values listed in this document.
## Values
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| additionalArguments[0] | string | `"--metrics.prometheus"` | |
| additionalArguments[1] | string | `"--ping"` | |
| additionalArguments[2] | string | `"--serverstransport.insecureskipverify=true"` | |
| additionalArguments[3] | string | `"--providers.kubernetesingress.allowexternalnameservices=true"` | |
| globalArguments[0] | string | `"--global.checknewversion"` | |
| image.pullPolicy | string | `"IfNotPresent"` | |
| image.repository | string | `"traefik"` | |
| image.tag | string | `"v2.5.4@sha256:87863e384e0a6466bd88fe6295b5d76d26f4280d95cb58af91d8fc7160e35a50"` | |
| ingressClass | object | `{"enabled":false,"fallbackApiVersion":"","isDefaultClass":false}` | Use ingressClass. Ignored if Traefik version < 2.3 / kubernetes < 1.18.x |
| ingressRoute | object | `{"dashboard":{"annotations":{},"enabled":true,"labels":{}}}` | Create an IngressRoute for the dashboard |
| logs | object | `{"access":{"enabled":false,"fields":{"general":{"defaultmode":"keep","names":{}},"headers":{"defaultmode":"drop","names":{}}},"filters":{}},"general":{"level":"ERROR"}}` | Logs https://docs.traefik.io/observability/logs/ |
| metrics.prometheus.entryPoint | string | `"metrics"` | |
| middlewares | object | `{"basicAuth":[],"chain":[],"forwardAuth":[],"ipWhiteList":[],"rateLimit":[],"redirectRegex":[],"redirectScheme":[]}` | SCALE Middleware Handlers |
| pilot | object | `{"enabled":false,"token":""}` | Activate Pilot integration |
| portalhook.enabled | bool | `true` | |
| probes.liveness | object | See below | Liveness probe configuration |
| probes.liveness.path | string | "/" | If a HTTP probe is used (default for HTTP/HTTPS services) this path is used |
| probes.liveness.type | string | "TCP" | sets the probe type when not using a custom probe |
| probes.readiness | object | See below | Redainess probe configuration |
| probes.readiness.path | string | "/" | If a HTTP probe is used (default for HTTP/HTTPS services) this path is used |
| probes.readiness.type | string | "TCP" | sets the probe type when not using a custom probe |
| probes.startup | object | See below | Startup probe configuration |
| probes.startup.path | string | "/" | If a HTTP probe is used (default for HTTP/HTTPS services) this path is used |
| probes.startup.type | string | "TCP" | sets the probe type when not using a custom probe |
| providers.kubernetesCRD.enabled | bool | `true` | |
| providers.kubernetesCRD.namespaces | list | `[]` | |
| providers.kubernetesIngress.enabled | bool | `true` | |
| providers.kubernetesIngress.namespaces | list | `[]` | |
| providers.kubernetesIngress.publishedService.enabled | bool | `true` | |
| rbac | object | `{"enabled":true,"rules":[{"apiGroups":[""],"resources":["services","endpoints","secrets"],"verbs":["get","list","watch"]},{"apiGroups":["extensions","networking.k8s.io"],"resources":["ingresses","ingressclasses"],"verbs":["get","list","watch"]},{"apiGroups":["extensions","networking.k8s.io"],"resources":["ingresses/status"],"verbs":["update"]},{"apiGroups":["traefik.containo.us"],"resources":["ingressroutes","ingressroutetcps","ingressrouteudps","middlewares","middlewaretcps","tlsoptions","tlsstores","traefikservices","serverstransports"],"verbs":["get","list","watch"]}]}` | Whether Role Based Access Control objects like roles and rolebindings should be created |
| service | object | `{"main":{"enabled":true,"ports":{"main":{"enabled":true,"port":9000,"protocol":"HTTP","targetPort":9000}},"type":"LoadBalancer"},"metrics":{"enabled":true,"ports":{"metrics":{"enabled":true,"port":9100,"protocol":"HTTP","targetPort":9100}},"type":"LoadBalancer"},"tcp":{"enabled":true,"ports":{"web":{"enabled":true,"port":9080,"protocol":"HTTP","redirectTo":"websecure"},"websecure":{"enabled":true,"port":9443,"protocol":"HTTPS"}},"type":"LoadBalancer"},"udp":{"enabled":false}}` | Options for the main traefik service, where the entrypoints traffic comes from from. |
| serviceAccount | object | `{"create":true}` | The service account the pods will use to interact with the Kubernetes API |
| tlsOptions | object | `{"default":{"cipherSuites":["TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305","TLS_AES_128_GCM_SHA256","TLS_AES_256_GCM_SHA384","TLS_CHACHA20_POLY1305_SHA256"],"curvePreferences":["CurveP521","CurveP384"],"minVersion":"VersionTLS12","sniStrict":false}}` | TLS Options to be created as TLSOption CRDs https://doc.traefik.io/traefik/https/tls/#tls-options Example: |
All Rights Reserved - The TrueCharts Project

312
core/traefik/10.0.10/ix_values.yaml
View File

@ -1,312 +0,0 @@
# Default values for Traefik
image:
repository: traefik
# defaults to appVersion
tag: v2.5.4@sha256:87863e384e0a6466bd88fe6295b5d76d26f4280d95cb58af91d8fc7160e35a50
pullPolicy: IfNotPresent
# -- Use ingressClass. Ignored if Traefik version < 2.3 / kubernetes < 1.18.x
ingressClass:
# true is not unit-testable yet, pending https://github.com/rancher/helm-unittest/pull/12
enabled: false
isDefaultClass: false
# Use to force a networking.k8s.io API Version for certain CI/CD applications. E.g. "v1beta1"
fallbackApiVersion: ""
# -- Activate Pilot integration
pilot:
enabled: false
token: ""
# Toggle Pilot Dashboard
# dashboard: false
# -- Create an IngressRoute for the dashboard
ingressRoute:
dashboard:
enabled: true
# Additional ingressRoute annotations (e.g. for kubernetes.io/ingress.class)
annotations: {}
# Additional ingressRoute labels (e.g. for filtering IngressRoute by custom labels)
labels: {}
#
# -- Configure providers
providers:
kubernetesCRD:
enabled: true
namespaces: []
# - "default"
kubernetesIngress:
enabled: true
# labelSelector: environment=production,method=traefik
namespaces: []
# - "default"
# IP used for Kubernetes Ingress endpoints
publishedService:
enabled: true
# Published Kubernetes Service to copy status from. Format: namespace/servicename
# By default this Traefik service
# pathOverride: ""
# -- Logs
# https://docs.traefik.io/observability/logs/
logs:
# Traefik logs concern everything that happens to Traefik itself (startup, configuration, events, shutdown, and so on).
general:
# By default, the logs use a text format (common), but you can
# also ask for the json format in the format option
# format: json
# By default, the level is set to ERROR. Alternative logging levels are DEBUG, PANIC, FATAL, ERROR, WARN, and INFO.
level: ERROR
access:
# To enable access logs
enabled: false
# By default, logs are written using the Common Log Format (CLF).
# To write logs in JSON, use json in the format option.
# If the given format is unsupported, the default (CLF) is used instead.
# format: json
# To write the logs in an asynchronous fashion, specify a bufferingSize option.
# This option represents the number of log lines Traefik will keep in memory before writing
# them to the selected output. In some cases, this option can greatly help performances.
# bufferingSize: 100
# Filtering https://docs.traefik.io/observability/access-logs/#filtering
filters: {}
# statuscodes: "200,300-302"
# retryattempts: true
# minduration: 10ms
# Fields
# https://docs.traefik.io/observability/access-logs/#limiting-the-fieldsincluding-headers
fields:
general:
defaultmode: keep
names: {}
# Examples:
# ClientUsername: drop
headers:
defaultmode: drop
names: {}
# Examples:
# User-Agent: redact
# Authorization: drop
# Content-Type: keep
metrics:
# datadog:
# address: 127.0.0.1:8125
# influxdb:
# address: localhost:8089
# protocol: udp
prometheus:
entryPoint: metrics
# statsd:
# address: localhost:8125
globalArguments:
- "--global.checknewversion"
##
# -- Additional arguments to be passed at Traefik's binary
# All available options available on https://docs.traefik.io/reference/static-configuration/cli/
## Use curly braces to pass values: `helm install --set="additionalArguments={--providers.kubernetesingress.ingressclass=traefik-internal,--log.level=DEBUG}"`
additionalArguments:
- "--metrics.prometheus"
- "--ping"
- "--serverstransport.insecureskipverify=true"
- "--providers.kubernetesingress.allowexternalnameservices=true"
# -- TLS Options to be created as TLSOption CRDs
# https://doc.traefik.io/traefik/https/tls/#tls-options
# Example:
tlsOptions:
default:
sniStrict: false
minVersion: VersionTLS12
curvePreferences:
- CurveP521
- CurveP384
cipherSuites:
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
- TLS_AES_128_GCM_SHA256
- TLS_AES_256_GCM_SHA384
- TLS_CHACHA20_POLY1305_SHA256
# -- Options for the main traefik service, where the entrypoints traffic comes from
# from.
service:
main:
enabled: true
type: LoadBalancer
ports:
main:
enabled: true
port: 9000
targetPort: 9000
protocol: HTTP
tcp:
enabled: true
type: LoadBalancer
ports:
web:
enabled: true
port: 9080
protocol: HTTP
redirectTo: websecure
websecure:
enabled: true
port: 9443
protocol: HTTPS
# tcpexample:
# enabled: true
# targetPort: 9443
# protocol: TCP
# tls:
# enabled: false
# # this is the name of a TLSOption definition
# options: ""
# certResolver: ""
# domains: []
# # - main: example.com
# # sans:
# # - foo.example.com
# # - bar.example.com
metrics:
enabled: true
type: LoadBalancer
ports:
metrics:
enabled: true
port: 9100
targetPort: 9100
protocol: HTTP
udp:
enabled: false
probes:
# -- Liveness probe configuration
# @default -- See below
liveness:
# -- sets the probe type when not using a custom probe
# @default -- "TCP"
type: HTTP
# -- If a HTTP probe is used (default for HTTP/HTTPS services) this path is used
# @default -- "/"
path: "/ping"
# -- Redainess probe configuration
# @default -- See below
readiness:
# -- sets the probe type when not using a custom probe
# @default -- "TCP"
type: HTTP
# -- If a HTTP probe is used (default for HTTP/HTTPS services) this path is used
# @default -- "/"
path: "/ping"
# -- Startup probe configuration
# @default -- See below
startup:
# -- sets the probe type when not using a custom probe
# @default -- "TCP"
type: HTTP
# -- If a HTTP probe is used (default for HTTP/HTTPS services) this path is used
# @default -- "/"
path: "/ping"
# -- Whether Role Based Access Control objects like roles and rolebindings should be created
rbac:
enabled: true
rules:
- apiGroups:
- ""
resources:
- services
- endpoints
- secrets
verbs:
- get
- list
- watch
- apiGroups:
- extensions
- networking.k8s.io
resources:
- ingresses
- ingressclasses
verbs:
- get
- list
- watch
- apiGroups:
- extensions
- networking.k8s.io
resources:
- ingresses/status
verbs:
- update
- apiGroups:
- traefik.containo.us
resources:
- ingressroutes
- ingressroutetcps
- ingressrouteudps
- middlewares
- middlewaretcps
- tlsoptions
- tlsstores
- traefikservices
- serverstransports
verbs:
- get
- list
- watch
# -- The service account the pods will use to interact with the Kubernetes API
serviceAccount:
create: true
# -- SCALE Middleware Handlers
middlewares:
basicAuth: []
# - name: basicauthexample
# users:
# - username: testuser
# password: testpassword
forwardAuth: []
# - name: forwardAuthexample
# address: https://auth.example.com/
# authResponseHeaders:
# - X-Secret
# - X-Auth-User
# authRequestHeaders:
# - "Accept"
# - "X-CustomHeader"
# authResponseHeadersRegex: "^X-"
# trustForwardHeader: true
chain: []
# - name: chainname
# middlewares:
# - name: compress
redirectScheme: []
# - name: redirectSchemeName
# scheme: https
# permanent: true
rateLimit: []
# - name: rateLimitName
# average: 300
# burst: 200
redirectRegex: []
# - name: redirectRegexName
# regex: putregexhere
# replacement: replacementurlhere
# permanent: false
ipWhiteList: []
# - name: ipWhiteListName
# sourceRange: []
# ipStrategy:
# depth: 2
# excludedIPs: []
portalhook:
enabled: true

1684
core/traefik/10.0.10/questions.yaml
View File

File diff suppressed because it is too large Load Diff

141
core/traefik/10.0.10/templates/_args.tpl
View File

@ -1,141 +0,0 @@
{{/* Define the args */}}
{{- define "traefik.args" -}}
args:
{{/* merge all ports */}}
{{- $ports := dict }}
{{- range $.Values.service }}
{{- range $name, $value := .ports }}
{{- $_ := set $ports $name $value }}
{{- end }}
{{- end }}
{{/* start of actual arguments */}}
{{- with .Values.globalArguments }}
{{- range . }}
- {{ . | quote }}
{{- end }}
{{- end }}
{{- range $name, $config := $ports }}
{{- if $config }}
{{- if or ( eq $config.protocol "HTTP" ) ( eq $config.protocol "HTTPS" ) ( eq $config.protocol "TCP" ) }}
{{- $_ := set $config "protocol" "TCP" }}
{{- end }}
- "--entryPoints.{{$name}}.address=:{{ $config.port }}/{{ default "tcp" $config.protocol | lower }}"
{{- end }}
{{- end }}
- "--api.dashboard=true"
- "--ping=true"
{{- if .Values.metrics }}
{{- if .Values.metrics.datadog }}
- "--metrics.datadog=true"
- "--metrics.datadog.address={{ .Values.metrics.datadog.address }}"
{{- end }}
{{- if .Values.metrics.influxdb }}
- "--metrics.influxdb=true"
- "--metrics.influxdb.address={{ .Values.metrics.influxdb.address }}"
- "--metrics.influxdb.protocol={{ .Values.metrics.influxdb.protocol }}"
{{- end }}
{{- if .Values.metrics.prometheus }}
- "--metrics.prometheus=true"
- "--metrics.prometheus.entrypoint={{ .Values.metrics.prometheus.entryPoint }}"
{{- end }}
{{- if .Values.metrics.statsd }}
- "--metrics.statsd=true"
- "--metrics.statsd.address={{ .Values.metrics.statsd.address }}"
{{- end }}
{{- end }}
{{- if .Values.providers.kubernetesCRD.enabled }}
- "--providers.kubernetescrd"
{{- end }}
{{- if .Values.providers.kubernetesIngress.enabled }}
- "--providers.kubernetesingress"
{{- if and .Values.providers.kubernetesIngress.publishedService.enabled }}
- "--providers.kubernetesingress.ingressendpoint.publishedservice={{ template "providers.kubernetesIngress.publishedServicePath" . }}"
{{- end }}
{{- if .Values.providers.kubernetesIngress.labelSelector }}
- "--providers.kubernetesingress.labelSelector={{ .Values.providers.kubernetesIngress.labelSelector }}"
{{- end }}
{{- end }}
{{- if and .Values.rbac.enabled .Values.rbac.namespaced }}
{{- if .Values.providers.kubernetesCRD.enabled }}
- "--providers.kubernetescrd.namespaces={{ template "providers.kubernetesCRD.namespaces" . }}"
{{- end }}
{{- if .Values.providers.kubernetesIngress.enabled }}
- "--providers.kubernetesingress.namespaces={{ template "providers.kubernetesIngress.namespaces" . }}"
{{- end }}
{{- end }}
{{- range $entrypoint, $config := $ports }}
{{- if $config.redirectTo }}
{{- $toPort := index $ports $config.redirectTo }}
- "--entrypoints.{{ $entrypoint }}.http.redirections.entryPoint.to=:{{ $toPort.port }}"
- "--entrypoints.{{ $entrypoint }}.http.redirections.entryPoint.scheme=https"
{{- end }}
{{- if or ( $config.tls ) ( eq $config.protocol "HTTPS" ) }}
{{- if or ( $config.tls.enabled ) ( eq $config.protocol "HTTPS" ) }}
- "--entrypoints.{{ $entrypoint }}.http.tls=true"
{{- if $config.tls.options }}
- "--entrypoints.{{ $entrypoint }}.http.tls.options={{ $config.tls.options }}"
{{- end }}
{{- if $config.tls.certResolver }}
- "--entrypoints.{{ $entrypoint }}.http.tls.certResolver={{ $config.tls.certResolver }}"
{{- end }}
{{- if $config.tls.domains }}
{{- range $index, $domain := $config.tls.domains }}
{{- if $domain.main }}
- "--entrypoints.{{ $entrypoint }}.http.tls.domains[{{ $index }}].main={{ $domain.main }}"
{{- end }}
{{- if $domain.sans }}
- "--entrypoints.{{ $entrypoint }}.http.tls.domains[{{ $index }}].sans={{ join "," $domain.sans }}"
{{- end }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}
{{- with .Values.logs }}
{{- if .general.format }}
- "--log.format={{ .general.format }}"
{{- end }}
{{- if ne .general.level "ERROR" }}
- "--log.level={{ .general.level | upper }}"
{{- end }}
{{- if .access.enabled }}
- "--accesslog=true"
{{- if .access.format }}
- "--accesslog.format={{ .access.format }}"
{{- end }}
{{- if .access.bufferingsize }}
- "--accesslog.bufferingsize={{ .access.bufferingsize }}"
{{- end }}
{{- if .access.filters }}
{{- if .access.filters.statuscodes }}
- "--accesslog.filters.statuscodes={{ .access.filters.statuscodes }}"
{{- end }}
{{- if .access.filters.retryattempts }}
- "--accesslog.filters.retryattempts"
{{- end }}
{{- if .access.filters.minduration }}
- "--accesslog.filters.minduration={{ .access.filters.minduration }}"
{{- end }}
{{- end }}
- "--accesslog.fields.defaultmode={{ .access.fields.general.defaultmode }}"
{{- range $fieldname, $fieldaction := .access.fields.general.names }}
- "--accesslog.fields.names.{{ $fieldname }}={{ $fieldaction }}"
{{- end }}
- "--accesslog.fields.headers.defaultmode={{ .access.fields.headers.defaultmode }}"
{{- range $fieldname, $fieldaction := .access.fields.headers.names }}
- "--accesslog.fields.headers.names.{{ $fieldname }}={{ $fieldaction }}"
{{- end }}
{{- end }}
{{- end }}
{{- if .Values.pilot.enabled }}
- "--pilot.token={{ .Values.pilot.token }}"
{{- end }}
{{- if hasKey .Values.pilot "dashboard" }}
- "--pilot.dashboard={{ .Values.pilot.dashboard }}"
{{- end }}
{{- with .Values.additionalArguments }}
{{- range . }}
- {{ . | quote }}
{{- end }}
{{- end }}
{{- end -}}

22
core/traefik/10.0.10/templates/_helpers.tpl
View File

@ -1,22 +0,0 @@
{{/*
Construct the path for the providers.kubernetesingress.ingressendpoint.publishedservice.
By convention this will simply use the <namespace>/<service-name> to match the name of the
service generated.
Users can provide an override for an explicit service they want bound via `.Values.providers.kubernetesIngress.publishedService.pathOverride`
*/}}
{{- define "providers.kubernetesIngress.publishedServicePath" -}}
{{- $fullName := include "common.names.fullname" . -}}
{{- $defServiceName := printf "%s/%s-tcp" .Release.Namespace $fullName -}}
{{- $servicePath := default $defServiceName .Values.providers.kubernetesIngress.publishedService.pathOverride }}
{{- print $servicePath | trimSuffix "-" -}}
{{- end -}}
{{/*
Construct a comma-separated list of whitelisted namespaces
*/}}
{{- define "providers.kubernetesIngress.namespaces" -}}
{{- default .Release.Namespace (join "," .Values.providers.kubernetesIngress.namespaces) }}
{{- end -}}
{{- define "providers.kubernetesCRD.namespaces" -}}
{{- default .Release.Namespace (join "," .Values.providers.kubernetesCRD.namespaces) }}
{{- end -}}

24
core/traefik/10.0.10/templates/_ingressclass.tpl
View File

@ -1,24 +0,0 @@
{{/* Define the ingressClass */}}
{{- define "traefik.ingressClass" -}}
{{- if .Values.ingressClass.enabled }}
{{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1/IngressClass" }}
apiVersion: networking.k8s.io/v1
{{- else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1/IngressClass" }}
apiVersion: networking.k8s.io/v1beta1
{{- else if or (eq .Values.ingressClass.fallbackApiVersion "v1beta1") (eq .Values.ingressClass.fallbackApiVersion "v1") }}
apiVersion: {{ printf "networking.k8s.io/%s" .Values.ingressClass.fallbackApiVersion }}
{{- else }}
{{- fail "\n\n ERROR: You must have at least networking.k8s.io/v1beta1 to use ingressClass" }}
{{- end }}
---
kind: IngressClass
metadata:
annotations:
ingressclass.kubernetes.io/is-default-class: {{ .Values.ingressClass.isDefaultClass | quote }}
labels:
{{- include "common.labels" . | nindent 4 }}
name: {{ .Release.Name }}
spec:
controller: traefik.io/ingress-controller
{{- end }}
{{- end }}

25
core/traefik/10.0.10/templates/_ingressroute.tpl
View File

@ -1,25 +0,0 @@
{{/* Define the ingressRoute */}}
{{- define "traefik.ingressRoute" -}}
{{- if .Values.ingressRoute.dashboard.enabled }}
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: {{ include "common.names.fullname" . }}-dashboard
annotations:
{{- with .Values.ingressRoute.dashboard.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
labels:
{{- include "common.labels" . | nindent 4 }}
spec:
entryPoints:
- main
routes:
- match: PathPrefix(`/dashboard`) || PathPrefix(`/api`)
kind: Rule
services:
- name: api@internal
kind: TraefikService
{{- end -}}
{{- end -}}

26
core/traefik/10.0.10/templates/_portalhook.tpl
View File

@ -1,26 +0,0 @@
{{/* Define the portalHook */}}
{{- define "traefik.portalhook" -}}
{{- if .Values.portalhook.enabled }}
{{- $namespace := ( printf "ix-%s" .Release.Name ) }}
{{- if or ( not .Values.ingressClass.enabled ) ( and ( .Values.ingressClass.enabled ) ( .Values.ingressClass.isDefaultClass ) ) }}
{{- $namespace = "default" }}
{{- end }}
---
apiVersion: v1
kind: ConfigMap
metadata:
name: portalhook
namespace: {{ $namespace }}
data:
{{- $ports := dict }}
{{- range $.Values.service }}
{{- range $name, $value := .ports }}
{{- $_ := set $ports $name $value }}
{{- end }}
{{- end }}
{{- range $name, $value := $ports }}
{{ $name }}: {{ $value.port | quote }}
{{- end }}
{{- end }}
{{- end -}}

12
core/traefik/10.0.10/templates/_tlsoptions.tpl
View File

@ -1,12 +0,0 @@
{{/* Define the tlsOptions */}}
{{- define "traefik.tlsOptions" -}}
{{- range $name, $config := .Values.tlsOptions }}
---
apiVersion: traefik.containo.us/v1alpha1
kind: TLSOption
metadata:
name: {{ $name }}
spec:
{{- toYaml $config | nindent 2 }}
{{- end }}
{{- end -}}

24
core/traefik/10.0.10/templates/common.yaml
View File

@ -1,24 +0,0 @@
{{/* Make sure all variables are set properly */}}
{{- include "common.setup" . }}
{{- if .Values.metrics }}
{{- if .Values.metrics.prometheus }}
{{- $_ := set .Values.podAnnotations "prometheus.io/scrape" "true" -}}
{{- $_ := set .Values.podAnnotations "prometheus.io/path" "/metrics" -}}
{{- $_ := set .Values.podAnnotations "prometheus.io/scrape" "9100" -}}
{{- end }}
{{- end }}
{{- $newArgs := (include "traefik.args" . | fromYaml) }}
{{- $_ := set .Values "newArgs" $newArgs -}}
{{- $mergedargs := concat .Values.args .Values.newArgs.args }}
{{- $_ := set .Values "args" $mergedargs -}}
{{- include "traefik.portalhook" . }}
{{- include "traefik.tlsOptions" . }}
{{- include "traefik.ingressRoute" . }}
{{- include "traefik.ingressClass" . }}
{{/* Render the templates */}}
{{ include "common.postSetup" . }}

65
core/traefik/10.0.10/templates/middlewares/basic-middleware.yaml
View File

@ -1,65 +0,0 @@
{{- $values := .Values }}
{{- $namespace := ( printf "ix-%s" .Release.Name ) }}
{{- if or ( not .Values.ingressClass.enabled ) ( and ( .Values.ingressClass.enabled ) ( .Values.ingressClass.isDefaultClass ) ) }}
{{- $namespace = "default" }}
{{- end }}
---
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: compress
namespace: {{ $namespace }}
spec:
compress: {}
---
# Here, an average of 300 requests per second is allowed.
# In addition, a burst of 200 requests is allowed.
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: basic-ratelimit
namespace: {{ $namespace }}
spec:
rateLimit:
average: 300
burst: 200
---
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: basic-secure-headers
namespace: {{ $namespace }}
spec:
headers:
accessControlAllowMethods:
- GET
- OPTIONS
- HEAD
- PUT
accessControlMaxAge: 100
sslRedirect: true
stsSeconds: 63072000
# stsIncludeSubdomains: false
# stsPreload: false
forceSTSHeader: true
contentTypeNosniff: true
browserXssFilter: true
sslForceHost: true
referrerPolicy: same-origin
customRequestHeaders:
X-Forwarded-Proto: "https"
customResponseHeaders:
X-Robots-Tag: 'none'
server: ''
---
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: chain-basic
namespace: {{ $namespace }}
spec:
chain:
middlewares:
- name: basic-ratelimit
- name: basic-secure-headers
- name: compress

34
core/traefik/10.0.10/templates/middlewares/basicauth.yaml
View File

@ -1,34 +0,0 @@
{{- $values := .Values }}
{{- $namespace := ( printf "ix-%s" .Release.Name ) }}
{{- if or ( not .Values.ingressClass.enabled ) ( and ( .Values.ingressClass.enabled ) ( .Values.ingressClass.isDefaultClass ) ) }}
{{- $namespace = "default" }}
{{- end }}
{{ range $index, $middlewareData := .Values.middlewares.basicAuth }}
---
{{- $users := list }}
{{ range $index, $userdata := $middlewareData.users }}
{{ $users = append $users ( htpasswd $userdata.username $userdata.password ) }}
{{ end }}
apiVersion: v1
kind: Secret
metadata:
name: {{printf "%v-%v" $middlewareData.name "secret" }}
namespace: {{ $namespace }}
type: Opaque
stringData:
users: |
{{- range $index, $user := $users }}
{{ printf "%s" $user }}
{{- end }}
---
# Declaring the user list
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: {{ $middlewareData.name }}
namespace: {{ $namespace }}
spec:
basicAuth:
secret: {{printf "%v-%v" $middlewareData.name "secret" }}
{{ end }}

21
core/traefik/10.0.10/templates/middlewares/chain.yaml
View File

@ -1,21 +0,0 @@
{{- $values := .Values }}
{{- $namespace := ( printf "ix-%s" .Release.Name ) }}
{{- if or ( not .Values.ingressClass.enabled ) ( and ( .Values.ingressClass.enabled ) ( .Values.ingressClass.isDefaultClass ) ) }}
{{- $namespace = "default" }}
{{- end }}
{{ range $index, $middlewareData := .Values.middlewares.chain }}
---
# Declaring the user list
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: {{ $middlewareData.name }}
namespace: {{ $namespace }}
spec:
chain:
middlewares:
{{ range $index, $chainData := . }}
- name: {{ printf "%v-%v@%v" $namespace $chainData.name "kubernetescrd" }}
{{ end }}
{{ end }}

30
core/traefik/10.0.10/templates/middlewares/forwardauth.yaml
View File

@ -1,30 +0,0 @@
{{- $values := .Values }}
{{- $namespace := ( printf "ix-%s" .Release.Name ) }}
{{- if or ( not .Values.ingressClass.enabled ) ( and ( .Values.ingressClass.enabled ) ( .Values.ingressClass.isDefaultClass ) ) }}
{{- $namespace = "default" }}
{{- end }}
{{ range $index, $middlewareData := .Values.middlewares.forwardAuth }}
---
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: {{ $middlewareData.name }}
namespace: {{ $namespace }}
spec:
forwardAuth:
address: {{ $middlewareData.address }}
{{- with $middlewareData.authResponseHeaders }}
authResponseHeaders:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with $middlewareData.authRequestHeaders }}
authRequestHeaders:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- if $middlewareData.authResponseHeadersRegex }}
authResponseHeadersRegex: {{ $middlewareData.authResponseHeadersRegex }}
{{- end }}
{{- if $middlewareData.trustForwardHeader }}
trustForwardHeader: true
{{- end }}
{{ end }}

33
core/traefik/10.0.10/templates/middlewares/ipwhitelist.yaml
View File

@ -1,33 +0,0 @@
{{- $values := .Values }}
{{- $namespace := ( printf "ix-%s" .Release.Name ) }}
{{- if or ( not .Values.ingressClass.enabled ) ( and ( .Values.ingressClass.enabled ) ( .Values.ingressClass.isDefaultClass ) ) }}
{{- $namespace = "default" }}
{{- end }}
{{ range $index, $middlewareData := .Values.middlewares.ipWhiteList }}
---
# Declaring the user list
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: {{ $middlewareData.name }}
namespace: {{ $namespace }}
spec:
ipWhiteList:
sourceRange:
{{- range $middlewareData.sourceRange }}
- {{ . }}
{{- end }}
{{- if $middlewareData.ipStrategy }}
ipStrategy:
{{- if $middlewareData.ipStrategy.depth }}
depth: {{ $middlewareData.ipStrategy.depth }}
{{- end }}
{{- if $middlewareData.ipStrategy.excludedIPs }}
excludedIPs:
{{- range $middlewareData.ipStrategy.excludedIPs }}
- {{ . }}
{{- end }}
{{- end }}
{{- end }}
{{ end }}

19
core/traefik/10.0.10/templates/middlewares/ratelimit.yaml
View File

@ -1,19 +0,0 @@
{{- $values := .Values }}
{{- $namespace := ( printf "ix-%s" .Release.Name ) }}
{{- if or ( not .Values.ingressClass.enabled ) ( and ( .Values.ingressClass.enabled ) ( .Values.ingressClass.isDefaultClass ) ) }}
{{- $namespace = "default" }}
{{- end }}
{{ range $index, $middlewareData := .Values.middlewares.rateLimit }}
---
# Declaring the user list
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: {{ $middlewareData.name }}
namespace: {{ $namespace }}
spec:
rateLimit:
average: {{ $middlewareData.average }}
burst: {{ $middlewareData.burst }}
{{ end }}

19
core/traefik/10.0.10/templates/middlewares/redirectScheme.yaml
View File

@ -1,19 +0,0 @@
{{- $values := .Values }}
{{- $namespace := ( printf "ix-%s" .Release.Name ) }}
{{- if or ( not .Values.ingressClass.enabled ) ( and ( .Values.ingressClass.enabled ) ( .Values.ingressClass.isDefaultClass ) ) }}
{{- $namespace = "default" }}
{{- end }}
{{ range $index, $middlewareData := .Values.middlewares.redirectScheme }}
---
# Declaring the user list
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: {{ $middlewareData.name }}
namespace: {{ $namespace }}
spec:
redirectScheme:
scheme: {{ $middlewareData.scheme }}
permanent: {{ $middlewareData.permanent }}
{{ end }}

20
core/traefik/10.0.10/templates/middlewares/redirectregex.yaml
View File

@ -1,20 +0,0 @@
{{- $values := .Values }}
{{- $namespace := ( printf "ix-%s" .Release.Name ) }}
{{- if or ( not .Values.ingressClass.enabled ) ( and ( .Values.ingressClass.enabled ) ( .Values.ingressClass.isDefaultClass ) ) }}
{{- $namespace = "default" }}
{{- end }}
{{ range $index, $middlewareData := .Values.middlewares.redirectRegex }}
---
# Declaring the user list
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: {{ $middlewareData.name }}
namespace: {{ $namespace }}
spec:
redirectRegex:
regex: {{ $middlewareData.regex | quote }}
replacement: {{ $middlewareData.replacement | quote }}
permanent: {{ $middlewareData.replacement }}
{{ end }}

25
core/traefik/10.0.10/templates/middlewares/tc-nextcloud.yaml
View File

@ -1,25 +0,0 @@
{{- $values := .Values }}
{{- $namespace := ( printf "ix-%s" .Release.Name ) }}
{{- if or ( not .Values.ingressClass.enabled ) ( and ( .Values.ingressClass.enabled ) ( .Values.ingressClass.isDefaultClass ) ) }}
{{- $namespace = "default" }}
{{- end }}
---
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: tc-nextcloud-redirectregex-dav
namespace: {{ $namespace }}
spec:
redirectRegex:
regex: "https://(.*)/.well-known/(card|cal)dav"
replacement: "https://${1}/remote.php/dav/"
---
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: tc-nextcloud-chain
namespace: {{ $namespace }}
spec:
chain:
middlewares:
- name: tc-nextcloud-redirectregex-dav

0
core/traefik/10.0.10/values.yaml
View File

99
core/traefik/10.0.11/CHANGELOG.md
View File

@ -1,99 +0,0 @@
# Changelog<br>
<a name="traefik-10.0.11"></a>
### [traefik-10.0.11](https://github.com/truecharts/apps/compare/traefik-10.0.10...traefik-10.0.11) (2021-11-14)
#### Chore
* move port above advanced in GUI ([#1326](https://github.com/truecharts/apps/issues/1326))
* clean up Chart.yaml ([#1322](https://github.com/truecharts/apps/issues/1322))
* update non-major deps helm releases ([#1328](https://github.com/truecharts/apps/issues/1328))
* update non-major ([#1327](https://github.com/truecharts/apps/issues/1327))
<a name="traefik-10.0.10"></a>
### [traefik-10.0.10](https://github.com/truecharts/apps/compare/traefik-10.0.9...traefik-10.0.10) (2021-11-14)
#### Chore
* move traefik and k8s gateway to core train
<a name="traefik-10.0.9"></a>
### [traefik-10.0.9](https://github.com/truecharts/apps/compare/traefik-10.0.8...traefik-10.0.9) (2021-11-09)
#### Chore
* update non-major deps helm releases ([#1297](https://github.com/truecharts/apps/issues/1297))
* update non-major ([#1296](https://github.com/truecharts/apps/issues/1296))
<a name="traefik-10.0.8"></a>
### [traefik-10.0.8](https://github.com/truecharts/apps/compare/traefik-10.0.7...traefik-10.0.8) (2021-11-07)
#### Chore
* update non-major deps helm releases ([#1295](https://github.com/truecharts/apps/issues/1295))
<a name="traefik-10.0.6"></a>
### [traefik-10.0.6](https://github.com/truecharts/apps/compare/traefik-10.0.5...traefik-10.0.6) (2021-11-07)
#### Fix
* Don't try to run udp services under SCALE (we don't actively test it anyway)
<a name="traefik-10.0.5"></a>
### [traefik-10.0.5](https://github.com/truecharts/apps/compare/traefik-10.0.4...traefik-10.0.5) (2021-11-07)
#### Chore
* update non-major deps helm releases ([#1291](https://github.com/truecharts/apps/issues/1291))
#### Chore
* Simplify GUI for deployment, persistence and securityContext ([#1289](https://github.com/truecharts/apps/issues/1289))
#### Feat
* Simplify the Services GUI ([#1290](https://github.com/truecharts/apps/issues/1290))
#### Fix
* prevent duplicate port use and fix some questions.yaml mistakes
<a name="traefik-10.0.4"></a>
### [traefik-10.0.4](https://github.com/truecharts/apps/compare/traefik-10.0.3...traefik-10.0.4) (2021-11-02)
#### Chore
* update non-major deps helm releases ([#1267](https://github.com/truecharts/apps/issues/1267))
<a name="traefik-10.0.3"></a>
### [traefik-10.0.3](https://github.com/truecharts/apps/compare/traefik-10.0.2...traefik-10.0.3) (2021-11-01)
#### Chore
* update non-major deps helm releases ([#1264](https://github.com/truecharts/apps/issues/1264))
<a name="traefik-10.0.2"></a>
### [traefik-10.0.2](https://github.com/truecharts/apps/compare/traefik-10.0.1...traefik-10.0.2) (2021-10-26)
#### Chore
* update non-major deps helm releases ([#1245](https://github.com/truecharts/apps/issues/1245))

8
core/traefik/10.0.11/CONFIG.md
View File

@ -1,8 +0,0 @@
# Configuration Options
##### Connecting to other apps
If you need to connect this App to other Apps on TrueNAS SCALE, please refer to our "Linking Apps Internally" quick-start guide:
https://truecharts.org/manual/Quick-Start%20Guides/14-linking-apps/
##### Available config options
In the future this page is going to contain an automated list of options available in the installation/edit UI.

Some files were not shown because too many files have changed in this diff Show More