Charts CI

```
Updated:
  kasten/k10:
    - 6.5.14
```

charts/kasten/k10/Chart.lock

@@ -6,4 +6,4 @@ dependencies:
   repository: ""
   version: 25.18.0
 digest: sha256:e35117c8aba9f6bde24ae45b5e05b0342b03029dfb2676236c389572cc502066
-generated: "2024-05-03T18:14:59.697223332Z"
+generated: "2024-05-18T05:55:02.501542941Z"

charts/kasten/k10/Chart.yaml

@@ -4,7 +4,7 @@ annotations:
   catalog.cattle.io/kube-version: '>= 1.17.0-0'
   catalog.cattle.io/release-name: k10
 apiVersion: v2
-appVersion: 6.5.13
+appVersion: 6.5.14
 dependencies:
 - condition: grafana.enabled
   name: grafana
@@ -21,4 +21,4 @@ maintainers:
 - email: [email protected]
   name: kastenIO
 name: k10
-version: 6.5.1301
+version: 6.5.1401

charts/kasten/k10/README.md

@@ -57,9 +57,9 @@ Parameter | Description | Default
 `eula.company` | Company name. Required field if EULA is accepted | `None`
 `eula.email` | Contact email. Required field if EULA is accepted | `None`
 `license` | License string obtained from Kasten | `None`
-`rbac.create` | Whether to enable RBAC with a specific cluster role and binding for K10  | `true`
-`scc.create` | Whether to create a SecurityContextConstraints for K10 ServiceAccounts  | `false`
-`scc.priority` | Sets the SecurityContextConstraints priority  | `15`
+`rbac.create` | Whether to enable RBAC with a specific cluster role and binding for K10 | `true`
+`scc.create` | Whether to create a SecurityContextConstraints for K10 ServiceAccounts | `false`
+`scc.priority` | Sets the SecurityContextConstraints priority | `15`
 `services.dashboardbff.hostNetwork` | Whether the dashboardbff pods may use the node network | `false`
 `services.executor.hostNetwork` | Whether the executor pods may use the node network | `false`
 `services.executor.workerCount` | Specifies count of running executor workers | 8
@@ -86,7 +86,7 @@ Parameter | Description | Default
 `ingress.defaultBackend.resource.apiGroup` | Optional API group of a resource backing the default backend. | `''`
 `ingress.defaultBackend.resource.kind` | The type of a resource being referenced by the default backend (required if the resource default backend is used). | `None`
 `ingress.defaultBackend.resource.name` | The name of a resource being referenced by the default backend (required if the resource default backend is used). | `None`
-`global.persistence.size` | Default global size of volumes for K10 persistent services  | `20Gi`
+`global.persistence.size` | Default global size of volumes for K10 persistent services | `20Gi`
 `global.persistence.catalog.size` | Size of a volume for catalog service  | `global.persistence.size`
 `global.persistence.jobs.size` | Size of a volume for jobs service  | `global.persistence.size`
 `global.persistence.logging.size` | Size of a volume for logging service  | `global.persistence.size`
@@ -173,7 +173,7 @@ Parameter | Description | Default
 `auth.ldap.host` | Host and optional port of the AD/LDAP server in the form `host:port` | `None`
 `auth.ldap.insecureNoSSL` | Required if the AD/LDAP host is not using TLS | `false`
 `auth.ldap.insecureSkipVerifySSL` | To turn off SSL verification of connections to the AD/LDAP host | `false`
-`auth.ldap.startTLS` | When set to true, ldap:// is used to connect to the server followed by creation of a TLS session. When set to false, ldaps:// is used.  | `false`
+`auth.ldap.startTLS` | When set to true, ldap:// is used to connect to the server followed by creation of a TLS session. When set to false, ldaps:// is used. | `false`
 `auth.ldap.bindDN` | The Distinguished Name(username) used for connecting to the AD/LDAP host | `None`
 `auth.ldap.bindPW` | The password corresponding to the `bindDN` for connecting to the AD/LDAP host | `None`
 `auth.ldap.bindPWSecretName` | The name of the secret that contains the password corresponding to the `bindDN` for connecting to the AD/LDAP host | `None`
@@ -257,7 +257,7 @@ Parameter | Description | Default
 `limiter.csiSnapshots` | Limit of concurrent CSI snapshot create operations | `10`
 `limiter.providerSnapshots` | Limit of concurrent cloud provider create operations | `10`
 `limiter.imageCopies` | Limit of concurrent image copy operations | `10`
-`cluster.domainName` | Specifies the domain name of the cluster | `cluster.local`
+`cluster.domainName` | Specifies the domain name of the cluster | `""`
 `kanister.backupTimeout` | Specifies timeout to set on Kanister backup operations | `45`
 `kanister.restoreTimeout` | Specifies timeout to set on Kanister restore operations | `600`
 `kanister.deleteTimeout` | Specifies timeout to set on Kanister delete operations | `45`
@@ -284,7 +284,7 @@ Parameter | Description | Default
 `defaultPriorityClassName` | Specifies the default [priority class](https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/#priorityclass) name for all K10 deployments and ephemeral pods | `None`
 `priorityClassName.<deploymentName>` | Overrides the default [priority class](https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/#priorityclass) name for the specified deployment | `{}`
 `ephemeralPVCOverhead` | Set the percentage increase for the ephemeral Persistent Volume Claim's storage request, e.g. PVC size = (file raw size) * (1 + `ephemeralPVCOverhead`) | `0.1`
-
+`datastore.parallelUploads` | Specifies how many files can be uploaded in parallel to the data store | `8`
 ## Helm tips and tricks
 
 There is a way of setting values via a yaml file instead of using `--set`.

charts/kasten/k10/charts/grafana/templates/deployment.yaml

@@ -32,6 +32,7 @@ spec:
         {{- with .Values.podLabels }}
         {{- toYaml . | nindent 8 }}
         {{- end }}
+        {{- include "k10.azMarketPlace.billingIdentifier" . }}
       annotations:
         checksum/config: {{ include "grafana.configData" . | sha256sum }}
         {{- if .Values.dashboards }}

charts/kasten/k10/charts/grafana/templates/image-renderer-deployment.yaml

@@ -34,6 +34,7 @@ spec:
         {{- with .Values.imageRenderer.podLabels }}
         {{- toYaml . | nindent 8 }}
         {{- end }}
+        {{- include "k10.azMarketPlace.billingIdentifier" . }}
       annotations:
         checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
         {{- with .Values.imageRenderer.podAnnotations }}

charts/kasten/k10/charts/prometheus/charts/prometheus-pushgateway/templates/deployment.yaml

@@ -23,6 +23,7 @@ spec:
       {{- end }}
       labels:
         {{- include "prometheus-pushgateway.defaultLabels" . | nindent 8 }}
+        {{- include "k10.azMarketPlace.billingIdentifier" . }}
     spec:
       {{- include "prometheus-pushgateway.podSpec" . | nindent 6 }}
 {{- end }}

charts/kasten/k10/charts/prometheus/templates/deploy.yaml

@@ -32,6 +32,7 @@ spec:
         {{- if .Values.server.podLabels}}
         {{ toYaml .Values.server.podLabels | nindent 8 }}
         {{- end}}
+        {{- include "k10.azMarketPlace.billingIdentifier" . }}
     spec:
 {{- if .Values.server.priorityClassName }}
       priorityClassName: "{{ .Values.server.priorityClassName }}"

charts/kasten/k10/templates/_definitions.tpl

@@ -35,8 +35,8 @@ crypto:
 dashboardbff:
 - vbrintegrationapi
 state:
-- events
 - admin
+- events
 {{- end -}}
 {{- define "k10.aggregatedAPIs" -}}actions apps repositories vault{{- end -}}
 {{- define "k10.configAPIs" -}}config{{- end -}}
@@ -214,7 +214,7 @@ state-svc:
 {{- define "k10.aggAuditPolicyFile" -}}agg-audit-policy.yaml{{- end -}}
 {{- define "k10.siemAuditLogFilePath" -}}-{{- end -}}
 {{- define "k10.siemAuditLogFileSize" -}}100{{- end -}}
-{{- define "k10.kanisterToolsImageTag" -}}0.107.0{{- end -}}
+{{- define "k10.kanisterToolsImageTag" -}}0.108.0{{- end -}}
 {{- define "k10.disabledServicesEnvVar" -}}K10_DISABLED_SERVICES{{- end -}}
 {{- define "k10.openShiftClientSecretEnvVar" -}}K10_OPENSHIFT_CLIENT_SECRET{{- end -}}
 {{- define "k10.defaultK10DefaultPriorityClassName" -}}{{- end -}}

charts/kasten/k10/templates/_helpers.tpl

@@ -119,6 +119,8 @@
   {{- $fips := .Values.fips | default dict -}}
   {{- if $fips.enabled -}}
     {{- $internal_capabilities = append $internal_capabilities "fips.strict" -}}
+    {{- $internal_capabilities = append $internal_capabilities "crypto.storagerepository.v2" -}}
+    {{- $internal_capabilities = append $internal_capabilities "crypto.vbr.v2" -}}
   {{- end -}}
 
   {{- concat $internal_capabilities (.Values.capabilities | default list) | join " " -}}
@@ -281,6 +283,10 @@ external-dns.alpha.kubernetes.io/hostname: {{ .Values.externalGateway.fqdn.name
 Prometheus scrape config template for k10 services
 */}}
 {{- define "k10.prometheusScrape" -}}
+{{- $cluster_domain := "" -}}
+{{- with .main.Values.cluster.domainName -}}
+  {{- $cluster_domain = printf ".%s" . -}}
+{{- end -}}
 {{- $admin_port := default 8877 .main.Values.service.gatewayAdminPort -}}
 - job_name: {{ .k10service }}
   metrics_path: /metrics
@@ -295,13 +301,13 @@ Prometheus scrape config template for k10 services
   static_configs:
     - targets:
       {{- if eq "gateway" .k10service }}
-      - {{ .k10service }}-admin.{{ .main.Release.Namespace }}.svc.{{ .main.Values.cluster.domainName }}:{{ $admin_port }}
+      - {{ .k10service }}-admin.{{ .main.Release.Namespace }}.svc{{ $cluster_domain }}:{{ $admin_port }}
       {{- else if eq "aggregatedapis" .k10service }}
-      - {{ .k10service }}-svc.{{ .main.Release.Namespace }}.svc.{{ .main.Values.cluster.domainName }}:443
+      - {{ .k10service }}-svc.{{ .main.Release.Namespace }}.svc{{ $cluster_domain }}:443
       {{- else }}
       {{- $service := default .k10service (index (include "get.enabledColocatedServices" . | fromYaml) .k10service).primary }}
       {{- $port := default .main.Values.service.externalPort (index (include "get.enabledColocatedServices" . | fromYaml) .k10service).port }}
-      - {{ $service }}-svc.{{ .main.Release.Namespace }}.svc.{{ .main.Values.cluster.domainName }}:{{ $port }}
+      - {{ $service }}-svc.{{ .main.Release.Namespace }}.svc{{ $cluster_domain }}:{{ $port }}
       {{- end }}
       labels:
         application: {{ .main.Release.Name }}
@@ -312,6 +318,10 @@ Prometheus scrape config template for k10 services
 Prometheus scrape config template for k10 services
 */}}
 {{- define "k10.prometheusTargetConfig" -}}
+{{- $cluster_domain := "" -}}
+{{- with .main.Values.cluster.domainName -}}
+  {{- $cluster_domain = printf ".%s" . -}}
+{{- end -}}
 {{- $admin_port := default 8877 .main.Values.service.gatewayAdminPort | toString -}}
 - service: {{ .k10service }}
   metricsPath: /metrics
@@ -326,15 +336,15 @@ Prometheus scrape config template for k10 services
   {{- $serviceFqdn := "" }}
   {{- $servicePort := "" }}
   {{- if eq "gateway" .k10service -}}
-    {{- $serviceFqdn = printf "%s-admin.%s.svc.%s" .k10service .main.Release.Namespace .main.Values.cluster.domainName -}}
+    {{- $serviceFqdn = printf "%s-admin.%s.svc%s" .k10service .main.Release.Namespace $cluster_domain -}}
     {{- $servicePort = $admin_port -}}
   {{- else if eq "aggregatedapis" .k10service -}}
-    {{- $serviceFqdn = printf "%s-svc.%s.svc.%s" .k10service .main.Release.Namespace .main.Values.cluster.domainName -}}
+    {{- $serviceFqdn = printf "%s-svc.%s.svc%s" .k10service .main.Release.Namespace $cluster_domain -}}
     {{- $servicePort = "443" -}}
   {{- else -}}
     {{- $service := default .k10service (index (include "get.enabledColocatedServices" .main | fromYaml) .k10service).primary -}}
     {{- $port := default .main.Values.service.externalPort (index (include "get.enabledColocatedServices" .main | fromYaml) .k10service).port | toString -}}
-    {{- $serviceFqdn = printf "%s-svc.%s.svc.%s" $service .main.Release.Namespace .main.Values.cluster.domainName -}}
+    {{- $serviceFqdn = printf "%s-svc.%s.svc%s" $service .main.Release.Namespace $cluster_domain -}}
     {{- $servicePort = $port -}}
   {{- end }}
   fqdn: {{ $serviceFqdn }}
@@ -406,6 +416,8 @@ images or not
 {{- define "dex.dexImageRepo" -}}
   {{- if .Values.global.airgapped.repository }}
     {{- printf "%s/%s" .Values.global.airgapped.repository (include "dex.dexImageName" .) }}
+  {{- else if .Values.global.azMarketPlace }}
+    {{- printf "%s/%s" .Values.global.azure.images.dex.registry .Values.global.azure.images.dex.image }}
   {{- else }}
     {{- printf "%s/%s" .Values.global.image.registry (include "dex.dexImageName" .) }}
   {{- end }}
@@ -416,7 +428,11 @@ images or not
 {{- end -}}
 
 {{- define "dex.dexImageTag" -}}
+ {{- if .Values.global.azMarketPlace }}
+    {{- print .Values.global.azure.images.dex.tag }}
+ {{- else }}
   {{- .Values.global.image.tag | default .Chart.AppVersion }}
+ {{- end -}}
 {{- end -}}
 
 {{/*
@@ -441,6 +457,8 @@ Get the emissary image.
 {{- define "k10.emissaryImageRepo" -}}
   {{- if .Values.global.airgapped.repository }}
     {{- printf "%s/%s" .Values.global.airgapped.repository (include "k10.emissaryImageName" .) }}
+  {{- else if .Values.global.azMarketPlace }}
+    {{- printf "%s/%s" .Values.global.azure.images.emissary.registry .Values.global.azure.images.emissary.image }}
   {{- else }}
     {{- printf "%s/%s" .Values.global.image.registry (include "k10.emissaryImageName" .) }}
   {{- end }}
@@ -451,7 +469,11 @@ Get the emissary image.
 {{- end -}}
 
 {{- define "k10.emissaryImageTag" -}}
-  {{- include "get.k10ImageTag" . }}
+  {{- if .Values.global.azMarketPlace }}
+    {{- print .Values.global.azure.images.emissary.tag }}
+  {{- else }}
+    {{- include "get.k10ImageTag" . }}
+  {{- end }}
 {{- end -}}
 
 {{/*
@@ -522,6 +544,8 @@ Get the kanister-tools image.
 {{- define "kan.kanisterToolsImageRepo" -}}
   {{- if .Values.global.airgapped.repository }}
     {{- printf "%s/%s" .Values.global.airgapped.repository (include "kan.kanisterToolsImageName" .) }}
+  {{- else if .Values.global.azMarketPlace }}
+    {{- printf "%s/%s" .Values.global.azure.images.kanistertools.registry .Values.global.azure.images.kanistertools.image }}
   {{- else }}
     {{- printf "%s/%s" .Values.global.image.registry (include "kan.kanisterToolsImageName" .) }}
   {{- end }}
@@ -532,7 +556,11 @@ Get the kanister-tools image.
 {{- end -}}
 
 {{- define "kan.kanisterToolsImageTag" -}}
-  {{- include "get.k10ImageTag" . }}
+ {{- if .Values.global.azMarketPlace }}
+    {{- print .Values.global.azure.images.kanistertools.tag }}
+  {{- else }}
+    {{- include "get.k10ImageTag" . }}
+  {{- end }}
 {{- end -}}
 
 {{/*
@@ -1074,6 +1102,8 @@ running in the same cluster.
 {{- define "init.ImageRepo" -}}
   {{- if .Values.global.airgapped.repository }}
     {{- printf "%s/%s" .Values.global.airgapped.repository (include "init.ImageName" .) }}
+  {{- else if .main.Values.global.azMarketPlace }}
+    {{- printf "%s/%s" .Values.global.azure.images.init.registry .Values.global.azure.images.init.image }}
   {{- else }}
     {{- printf "%s/%s" .Values.global.image.registry (include "init.ImageName" .) }}
   {{- end }}
@@ -1216,20 +1246,6 @@ running in the same cluster.
   {{- end -}}
 {{- end -}}
 
-{{/* Fail if FIPS is enabled and auth.ldap is turned on  */}}
-{{- define "k10.fail.fipsDexAuthLDAP" -}}
-  {{- if and ((.Values.fips | default dict).enabled) (.Values.auth.ldap.enabled) -}}
-    {{- fail "fips.enabled and auth.ldap.enabled cannot both be enabled at the same time" -}}
-  {{- end -}}
-{{- end -}}
-
-{{/* Fail if FIPS is enabled and auth.openshift is turned on  */}}
-{{- define "k10.fail.fipsDexAuthOpenshift" -}}
-  {{- if and ((.Values.fips | default dict).enabled) (.Values.auth.openshift.enabled) -}}
-    {{- fail "fips.enabled and auth.openshift.enabled cannot both be enabled at the same time" -}}
-  {{- end -}}
-{{- end -}}
-
 {{/* Check to see whether SIEM logging is enabled */}}
 {{- define "k10.siemEnabled" -}}
   {{- if or .Values.siem.logging.cluster.enabled .Values.siem.logging.cloud.awsS3.enabled -}}
@@ -1271,3 +1287,12 @@ the Microsoft Go toolchain and Red Hat's OpenSSL.
 - name: OPENSSL_FORCE_FIPS_MODE
   value: "1"
 {{- end }}
+
+{{/*
+Returns a billing identifier label to be added to workloads for azure marketplace offer
+*/}}
+{{- define "k10.azMarketPlace.billingIdentifier" -}}
+ {{- if .Values.global.azMarketPlace }}
+        azure-extensions-usage-release-identifier: {{.Release.Name}}
+ {{- end }}
+{{- end }}