Charts CI

```
Updated:
  crowdstrike/falcon-sensor:
    - 1.27.1
  haproxy/haproxy:
    - 1.39.2
  jenkins/jenkins:
    - 5.1.7
  redpanda/redpanda:
    - 5.8.2
  speedscale/speedscale-operator:
    - 2.1.288
```

charts/crowdstrike/falcon-sensor/Chart.yaml

@@ -4,7 +4,7 @@ annotations:
   catalog.cattle.io/kube-version: '>1.22.0-0'
   catalog.cattle.io/release-name: falcon-sensor
 apiVersion: v2
-appVersion: 1.26.1
+appVersion: 1.27.1
 description: A Helm chart to deploy CrowdStrike Falcon sensors into Kubernetes clusters.
 home: https://crowdstrike.com
 icon: https://raw.githubusercontent.com/CrowdStrike/falcon-helm/main/images/crowdstrike-logo.svg
@@ -24,4 +24,4 @@ name: falcon-sensor
 sources:
 - https://github.com/CrowdStrike/falcon-helm
 type: application
-version: 1.26.1
+version: 1.27.1

charts/crowdstrike/falcon-sensor/README.md

@@ -29,10 +29,8 @@ The Falcon Helm chart has been tested to deploy on the following Kubernetes dist
 
 | Helm chart Version      | Falcon Sensor Version             |
 |:------------------------|:----------------------------------|
-| `<= 1.6.x`              | `<= 6.34.x`                       |
-| `>= 1.7.x && <= 1.17.x` | `>= 6.35.x && < 6.49.x`           |
-| `>= 1.18.x`             | `>= 6.49.x`                       |
-| `>= 1.19.x`             | `>= 6.54.x`                       |
+| `<= 1.26.x`             | `< 7.05.x`                        |
+| `>= 1.27.x`             | `>= 7.06.x`                       |
 
 # Installation
 

charts/crowdstrike/falcon-sensor/templates/container_secret.yaml

@@ -12,7 +12,7 @@ data:
 type: kubernetes.io/dockerconfigjson
 {{- if or .Values.container.image.pullSecrets.namespaces .Values.container.image.pullSecrets.allNamespaces }}
 {{- $name := ( .Values.container.image.pullSecrets.name | default (printf "%s-pull-secret" (include "falcon-sensor.fullname" .))) }}
-{{- $myns := split "," .Values.container.image.pullSecrets.namespaces -}}
+{{- $myns := split "," .Values.container.image.pullSecrets.namespaces | default "" -}}
 {{- if .Values.container.image.pullSecrets.allNamespaces }}
 {{- $myns = list -}}
 {{- range $index, $ns := (lookup "v1" "Namespace" "" "").items -}}

charts/crowdstrike/falcon-sensor/templates/daemonset.yaml

@@ -96,18 +96,11 @@ spec:
         imagePullPolicy: "{{ .Values.node.image.pullPolicy }}"
         command:
           - /bin/bash
-        {{- if .Values.node.gke.autopilot }}
         args:
           - '-c'
           - >-
             echo "Running /opt/CrowdStrike/falcon-daemonset-init -i";
             /opt/CrowdStrike/falcon-daemonset-init -i
-        {{- else }}
-        args: ['-c', 'if [ -x "/opt/CrowdStrike/falcon-daemonset-init" ]; then echo "Running falcon-daemonset-init -i" ; /opt/CrowdStrike/falcon-daemonset-init -i ; else if [ -d "/host_opt/CrowdStrike/falconstore" ] ; then echo "Re-creating /opt/CrowdStrike/falconstore as it is a directory instead of a file"; rm -rf /host_opt/CrowdStrike/falconstore; fi; mkdir -p /host_opt/CrowdStrike && touch /host_opt/CrowdStrike/falconstore; fi']
-        volumeMounts:
-          - name: falconstore-dir
-            mountPath: /host_opt
-        {{- end }}
         {{- if or .Values.node.gke.autopilot .Values.node.daemonset.resources }}
         resources:
           requests:
@@ -178,12 +171,6 @@ spec:
           - name: falconstore
             mountPath: /opt/CrowdStrike/falconstore
       volumes:
-      {{- if not .Values.node.gke.autopilot }}
-        - name: falconstore-dir
-          hostPath:
-            path: /opt
-            type: DirectoryOrCreate
-      {{- end }}
         - name: falconstore
           hostPath:
             path: /opt/CrowdStrike/falconstore

charts/crowdstrike/falcon-sensor/templates/node_cleanup.yaml

@@ -1,4 +1,4 @@
-{{- if .Values.node.enabled }}
+{{- if and .Values.node.enabled .Values.node.hooks.postDelete.enabled }}
 apiVersion: apps/v1
 kind: DaemonSet
 metadata:
@@ -88,18 +88,11 @@ spec:
         imagePullPolicy: "{{ .Values.node.image.pullPolicy }}"
         command:
           - /bin/bash
-        {{- if .Values.node.gke.autopilot }}
         args:
           - '-c'
           - >-
             echo "Running /opt/CrowdStrike/falcon-daemonset-init -u";
             /opt/CrowdStrike/falcon-daemonset-init -u
-        {{- else }}
-        args: ['-c', 'if [ -x "/opt/CrowdStrike/falcon-daemonset-init" ]; then echo "Running /opt/CrowdStrike/falcon-daemonset-init -u"; /opt/CrowdStrike/falcon-daemonset-init -u ; else rm -rf "/host_opt/CrowdStrike"; fi']
-        volumeMounts:
-          - name: opt-crowdstrike
-            mountPath: /host_opt
-        {{- end }}
         {{- if or .Values.node.gke.autopilot .Values.node.daemonset.resources }}
         resources:
           requests:
@@ -150,12 +143,6 @@ spec:
           privileged: false
           readOnlyRootFilesystem: true
           allowPrivilegeEscalation: true
-      {{- if not .Values.node.gke.autopilot }}
-      volumes:
-      - name: opt-crowdstrike
-        hostPath:
-          path: /opt
-      {{- end }}
       serviceAccountName: {{ .Values.serviceAccount.name }}-node-cleanup
       terminationGracePeriodSeconds: {{ .Values.node.terminationGracePeriod }}
       hostPID: true

charts/crowdstrike/falcon-sensor/templates/node_secret_cleanup.yaml

@@ -1,4 +1,4 @@
-{{- if .Values.node.enabled }}
+{{- if and .Values.node.enabled .Values.node.hooks.postDelete.enabled }}
 {{- if .Values.node.image.registryConfigJSON }}
 {{- $registry := .Values.node.image.registryConfigJSON }}
 apiVersion: v1

charts/crowdstrike/falcon-sensor/templates/serviceaccount_cleanup.yaml

@@ -1,3 +1,4 @@
+{{- if and .Values.node.enabled .Values.node.hooks.postDelete.enabled }}
 apiVersion: v1
 kind: ServiceAccount
 metadata:
@@ -10,4 +11,5 @@ metadata:
     helm.sh/chart: {{ include "falcon-sensor.chart" . }}
   annotations:
     "helm.sh/hook": post-delete
-    "helm.sh/hook-weight": "0"
+    "helm.sh/hook-weight": "0"
+{{- end }}

charts/crowdstrike/falcon-sensor/values.schema.json

@@ -255,6 +255,20 @@
                     "type": "integer",
                     "default": "30",
                     "pattern": "^[0-9]+$"
+                },
+                "hooks": {
+                    "type": "object",
+                    "properties": {
+                        "postDelete": {
+                            "type": "object",
+                            "properties": {
+                                "enabled": {
+                                    "type": "boolean",
+                                    "default": "true"
+                                }
+                            }
+                        }
+                    }
                 }
             }
         },

charts/crowdstrike/falcon-sensor/values.yaml

@@ -99,6 +99,11 @@ node:
   # How long to wait for Falcon pods to stop gracefully
   terminationGracePeriod: 30
 
+  hooks:
+    # Settings for the node post-delete helm hook
+    postDelete:
+      enabled: true
+
 container:
   # When enabled, Helm chart deploys the Falcon Container Sensor to Pods through Webhooks
   enabled: false
@@ -188,7 +193,7 @@ container:
       # list. For example:
       #
       # namespaces: ns1,ns2,ns3
-      namespaces:
+      namespaces: ""
 
       # Attempt to create the Falcon sensor pull secret in all Namespaces
       # instead of using "container.image.pullSecrets.namespaces"

charts/haproxy/haproxy/Chart.yaml

@@ -1,6 +1,6 @@
 annotations:
   artifacthub.io/changes: |
-    - Remove techdump toggle entirely
+    - Allow setting resources requests or limits on crdjob (#236)
   catalog.cattle.io/certified: partner
   catalog.cattle.io/display-name: HAProxy Kubernetes Ingress Controller
   catalog.cattle.io/kube-version: '>=1.23.0-0'
@@ -21,4 +21,4 @@ name: haproxy
 sources:
 - https://github.com/haproxytech/kubernetes-ingress
 type: application
-version: 1.39.1
+version: 1.39.2

charts/haproxy/haproxy/templates/controller-crdjob.yaml

@@ -89,6 +89,8 @@ spec:
             seccompProfile:
               type: RuntimeDefault
             {{- end }}
+          resources:
+            {{- toYaml .Values.controller.resources | nindent 12 }}
           {{- end }}
       {{- with .Values.controller.nodeSelector }}
       nodeSelector:

charts/jenkins/jenkins/CHANGELOG.md

@@ -12,6 +12,10 @@ Use the following links to reference issues, PRs, and commits prior to v2.6.0.
 The changelog until v1.5.7 was auto-generated based on git commits.
 Those entries include a reference to the git commit to be able to get more details.
 
+## 5.1.7
+
+Update `kubernetes` to version `4208.v4017b_a_27a_d67`
+
 ## 5.1.6
 
 Update `jenkins/jenkins` to version `2.440.3-jdk17`

charts/jenkins/jenkins/Chart.yaml

@@ -1,7 +1,7 @@
 annotations:
   artifacthub.io/category: integration-delivery
   artifacthub.io/changes: |
-    - Update `jenkins/jenkins` to version `2.440.3-jdk17`
+    - Update `kubernetes` to version `4208.v4017b_a_27a_d67`
   artifacthub.io/images: |
     - name: jenkins
       image: docker.io/jenkins/jenkins:2.440.3-jdk17
@@ -50,4 +50,4 @@ sources:
 - https://github.com/maorfr/kube-tasks
 - https://github.com/jenkinsci/configuration-as-code-plugin
 type: application
-version: 5.1.6
+version: 5.1.7

charts/jenkins/jenkins/VALUES.md

@@ -155,7 +155,7 @@ The following tables list the configurable parameters of the Jenkins chart and t
 | [controller.initializeOnce](./values.yaml#L414) | bool | Initialize only on first installation. Ensures plugins do not get updated inadvertently. Requires `persistence.enabled` to be set to `true` | `false` |
 | [controller.installLatestPlugins](./values.yaml#L403) | bool | Download the minimum required version or latest version of all dependencies | `true` |
 | [controller.installLatestSpecifiedPlugins](./values.yaml#L406) | bool | Set to true to download the latest version of any plugin that is requested to have the latest version | `false` |
-| [controller.installPlugins](./values.yaml#L395) | list | List of Jenkins plugins to install. If you don't want to install plugins, set it to `false` | `["kubernetes:4203.v1dd44f5b_1cf9","workflow-aggregator:596.v8c21c963d92d","git:5.2.1","configuration-as-code:1775.v810dc950b_514"]` |
+| [controller.installPlugins](./values.yaml#L395) | list | List of Jenkins plugins to install. If you don't want to install plugins, set it to `false` | `["kubernetes:4208.v4017b_a_27a_d67","workflow-aggregator:596.v8c21c963d92d","git:5.2.1","configuration-as-code:1775.v810dc950b_514"]` |
 | [controller.javaOpts](./values.yaml#L156) | string | Append to `JAVA_OPTS` env var | `nil` |
 | [controller.jenkinsAdminEmail](./values.yaml#L96) | string | Email address for the administrator of the Jenkins instance | `nil` |
 | [controller.jenkinsHome](./values.yaml#L101) | string | Custom Jenkins home path | `"/var/jenkins_home"` |

charts/jenkins/jenkins/values.yaml

@@ -393,7 +393,7 @@ controller:
   # Plugins will be installed during Jenkins controller start
   # -- List of Jenkins plugins to install. If you don't want to install plugins, set it to `false`
   installPlugins:
-    - kubernetes:4203.v1dd44f5b_1cf9
+    - kubernetes:4208.v4017b_a_27a_d67
     - workflow-aggregator:596.v8c21c963d92d
     - git:5.2.1
     - configuration-as-code:1775.v810dc950b_514

charts/redpanda/redpanda/Chart.yaml

@@ -37,4 +37,4 @@ name: redpanda
 sources:
 - https://github.com/redpanda-data/helm-charts
 type: application
-version: 5.8.0
+version: 5.8.2

charts/redpanda/redpanda/README.md

@@ -3,7 +3,7 @@
 description: Find the default values and descriptions of settings in the Redpanda Helm chart.
 ---
 
-![Version: 5.8.0](https://img.shields.io/badge/Version-5.8.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v23.3.11](https://img.shields.io/badge/AppVersion-v23.3.11-informational?style=flat-square)
+![Version: 5.8.2](https://img.shields.io/badge/Version-5.8.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v23.3.11](https://img.shields.io/badge/AppVersion-v23.3.11-informational?style=flat-square)
 
 This page describes the official Redpanda Helm Chart. In particular, this page describes the contents of the chart’s [`values.yaml` file](https://github.com/redpanda-data/helm-charts/blob/main/charts/redpanda/values.yaml). Each of the settings is listed and described on this page, along with any default values.
 
@@ -1010,7 +1010,7 @@ Persistence settings. For details, see the [storage documentation](https://docs.
 **Default:**
 
 ```
-{"hostPath":"","persistentVolume":{"annotations":{},"enabled":true,"labels":{},"nameOverwrite":"","size":"20Gi","storageClass":""},"tiered":{"config":{"cloud_storage_access_key":"","cloud_storage_api_endpoint":"","cloud_storage_azure_container":null,"cloud_storage_azure_shared_key":null,"cloud_storage_azure_storage_account":null,"cloud_storage_bucket":"","cloud_storage_cache_size":5368709120,"cloud_storage_credentials_source":"config_file","cloud_storage_enable_remote_read":true,"cloud_storage_enable_remote_write":true,"cloud_storage_enabled":false,"cloud_storage_region":"","cloud_storage_secret_key":""},"credentialsSecretRef":{"accessKey":{"configurationKey":"cloud_storage_access_key"},"secretKey":{"configurationKey":"cloud_storage_secret_key"}},"hostPath":"","mountType":"emptyDir","persistentVolume":{"annotations":{},"labels":{},"storageClass":""}}}
+{"hostPath":"","persistentVolume":{"annotations":{},"enabled":true,"labels":{},"nameOverwrite":"","size":"20Gi","storageClass":""},"tiered":{"config":{"cloud_storage_access_key":"","cloud_storage_api_endpoint":"","cloud_storage_azure_container":null,"cloud_storage_azure_managed_identity_id":null,"cloud_storage_azure_shared_key":null,"cloud_storage_azure_storage_account":null,"cloud_storage_bucket":"","cloud_storage_cache_size":5368709120,"cloud_storage_credentials_source":"config_file","cloud_storage_enable_remote_read":true,"cloud_storage_enable_remote_write":true,"cloud_storage_enabled":false,"cloud_storage_region":"","cloud_storage_secret_key":""},"credentialsSecretRef":{"accessKey":{"configurationKey":"cloud_storage_access_key"},"secretKey":{"configurationKey":"cloud_storage_secret_key"}},"hostPath":"","mountType":"emptyDir","persistentVolume":{"annotations":{},"labels":{},"storageClass":""}}}
 ```
 
 ### [storage.hostPath](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=storage.hostPath)
@@ -1060,7 +1060,7 @@ Tiered Storage settings Requires `enterprise.licenseKey` or `enterprised.license
 **Default:**
 
 ```
-{"cloud_storage_access_key":"","cloud_storage_api_endpoint":"","cloud_storage_azure_container":null,"cloud_storage_azure_shared_key":null,"cloud_storage_azure_storage_account":null,"cloud_storage_bucket":"","cloud_storage_cache_size":5368709120,"cloud_storage_credentials_source":"config_file","cloud_storage_enable_remote_read":true,"cloud_storage_enable_remote_write":true,"cloud_storage_enabled":false,"cloud_storage_region":"","cloud_storage_secret_key":""}
+{"cloud_storage_access_key":"","cloud_storage_api_endpoint":"","cloud_storage_azure_container":null,"cloud_storage_azure_managed_identity_id":null,"cloud_storage_azure_shared_key":null,"cloud_storage_azure_storage_account":null,"cloud_storage_bucket":"","cloud_storage_cache_size":5368709120,"cloud_storage_credentials_source":"config_file","cloud_storage_enable_remote_read":true,"cloud_storage_enable_remote_write":true,"cloud_storage_enabled":false,"cloud_storage_region":"","cloud_storage_secret_key":""}
 ```
 
 ### [storage.tiered.config.cloud_storage_access_key](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=storage.tiered.config.cloud_storage_access_key)
@@ -1107,7 +1107,7 @@ Maximum size of the disk cache used by Tiered Storage. Default is 20 GiB. See th
 
 ### [storage.tiered.config.cloud_storage_credentials_source](https://artifacthub.io/packages/helm/redpanda-data/redpanda?modal=values&path=storage.tiered.config.cloud_storage_credentials_source)
 
-Source of credentials used to connect to cloud services (required for AWS and GCP authentication with IAM roles). * `config_file` * `aws_instance_metadata` * `sts` * `gcp_instance_metadata` See the [property reference documentation](https://docs.redpanda.com/docs/reference/cluster-properties/#cloud_storage_credentials_source).
+Source of credentials used to connect to cloud services (required for AWS and GCP authentication with IAM roles). * `config_file` * `aws_instance_metadata` * `sts` * `gcp_instance_metadata` * `azure_aks_oidc_federation` * `azure_vm_instance_metadata` See the [property reference documentation](https://docs.redpanda.com/docs/reference/cluster-properties/#cloud_storage_credentials_source).
 
 **Default:** `"config_file"`
 

charts/redpanda/redpanda/templates/_shims.tpl

@@ -1,4 +1,4 @@
-{{- /* Generated from "_shims.go" */ -}}
+{{- /* Generated from "bootstrap.go" */ -}}
 
 {{- define "_shims.typetest" -}}
 {{- $typ := (index .a 0) -}}
@@ -75,3 +75,29 @@
 {{- end -}}
 {{- end -}}
 
+{{- define "_shims.ptr_Deref" -}}
+{{- $ptr := (index .a 0) -}}
+{{- $def := (index .a 1) -}}
+{{- range $_ := (list 1) -}}
+{{- if (ne $ptr (coalesce nil)) -}}
+{{- (dict "r" $ptr) | toJson -}}
+{{- break -}}
+{{- end -}}
+{{- (dict "r" $def) | toJson -}}
+{{- break -}}
+{{- end -}}
+{{- end -}}
+
+{{- define "_shims.ptr_Equal" -}}
+{{- $a := (index .a 0) -}}
+{{- $b := (index .a 1) -}}
+{{- range $_ := (list 1) -}}
+{{- if (and (eq $a (coalesce nil)) (eq $b (coalesce nil))) -}}
+{{- (dict "r" true) | toJson -}}
+{{- break -}}
+{{- end -}}
+{{- (dict "r" (eq $a $b)) | toJson -}}
+{{- break -}}
+{{- end -}}
+{{- end -}}
+

charts/redpanda/redpanda/templates/statefulset.yaml

@@ -106,6 +106,7 @@ spec:
           args:
             - -c
             - 'trap "exit 0" TERM; exec /etc/secrets/fs-validator/scripts/fsValidator.sh {{ .Values.statefulset.initContainers.fsValidator.expectedFS }} & wait $!'
+          securityContext: {{ include "container-security-context" . | nindent 12 }}
           volumeMounts: {{ include "common-mounts" . | nindent 12 }}
   {{- if dig "initContainers" "fsValidator" "extraVolumeMounts" false .Values.statefulset -}}
     {{ tpl .Values.statefulset.initContainers.fsValidator.extraVolumeMounts . | nindent 12 }}