diff --git a/charts/ping-devops/Chart.yaml b/charts/ping-devops/Chart.yaml index 3a03204e..b3fb0b92 100644 --- a/charts/ping-devops/Chart.yaml +++ b/charts/ping-devops/Chart.yaml @@ -4,11 +4,11 @@ apiVersion: v2 name: ping-devops ######################################################################## -# 0.9.13 - Refer to http://helm.pingidentity.com/release-notes/currentRelease +# 0.9.16 - Refer to http://helm.pingidentity.com/release-notes/currentRelease ######################################################################## -version: 0.9.13 -description: Ping Identity helm charts - 5/04/2023 +version: 0.9.16 +description: Ping Identity helm charts - 8/02/2023 type: application home: https://helm.pingidentity.com/ icon: https://helm.pingidentity.com/img/logos/ping.png -appVersion: "2304" +appVersion: "2307" diff --git a/charts/ping-devops/templates/pinglib/_hpa.tpl b/charts/ping-devops/templates/pinglib/_hpa.tpl index 8b3201ac..662fa5db 100644 --- a/charts/ping-devops/templates/pinglib/_hpa.tpl +++ b/charts/ping-devops/templates/pinglib/_hpa.tpl @@ -14,7 +14,7 @@ metadata: spec: scaleTargetRef: apiVersion: apps/v1 - kind: Deployment + kind: {{ $v.workload.type }} name: {{ include "pinglib.fullname" . }} minReplicas: {{ $v.clustering.autoscaling.minReplicas }} maxReplicas: {{ $v.clustering.autoscaling.maxReplicas }} diff --git a/charts/ping-devops/templates/pinglib/_workload.tpl b/charts/ping-devops/templates/pinglib/_workload.tpl index a96986f1..878f01c0 100644 --- a/charts/ping-devops/templates/pinglib/_workload.tpl +++ b/charts/ping-devops/templates/pinglib/_workload.tpl @@ -60,6 +60,10 @@ spec: {{- toYaml $v.workload.annotations | nindent 8 }} {{- end }} spec: + {{- with $v.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} terminationGracePeriodSeconds: {{ $v.container.terminationGracePeriodSeconds }} {{/* When a serviceaccount is being generated (either globally or for this specific workload) prefer that account to an account specified in the Vault values. */}} diff --git a/charts/ping-devops/values.yaml b/charts/ping-devops/values.yaml index 6d999d56..ae90b725 100644 --- a/charts/ping-devops/values.yaml +++ b/charts/ping-devops/values.yaml @@ -173,13 +173,23 @@ global: # path: /opt/in/some/location/secrets # file: devops-secret.env + ############################################################ + # @param global.imagePullSecrets Repository authentication using secret + # @desc defined as a docker-registry secret in Kubernetes. + # @default [] + # + # https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ############################################################ + imagePullSecrets: [] + # - name: myregkeysecretname + ############################################################ # Image # # By default the images uses will be indicated by these # variables. An example might look like: # - # pingidentity/pingdataconsole:2304 (April, 2023) + # pingidentity/pingdataconsole:2307 (July, 2023) # # @param global.image.repository Default image registry # @desc is not the fully-qualified name of the image @@ -195,7 +205,7 @@ global: # @desc Example: image.name: pingfederate # # @param global.image.tag Default image tag - # @default 2304 + # @default 2307 # # @param global.image.pullPolicy Default image pull policy # @default IfNotPresent @@ -204,7 +214,7 @@ global: repository: pingidentity repositoryFqn: name: - tag: "2304" + tag: "2307" pullPolicy: IfNotPresent ############################################################ @@ -789,7 +799,7 @@ sidecars: {} # sidecars: # logger: # name: log-container -# image: pingidentity/pingtoolkit:2304 +# image: pingidentity/pingtoolkit:2307 # volumeMounts: # - mountPath: /tmp/logs/ # name: logger @@ -806,7 +816,7 @@ initContainers: {} # initContainers: # init-example: # name: 01-init -# image: pingidentity/pingtoolkit:2304 +# image: pingidentity/pingtoolkit:2307 # command: ['sh', '-c', 'echo "InitContainer 1"'] ############################################################# @@ -855,7 +865,7 @@ ldap-sdk-tools: name: ldap-sdk-tools repository: pingidentity repositoryFqn: - tag: "2304" + tag: "2307" pullPolicy: IfNotPresent container: @@ -1654,7 +1664,7 @@ pd-replication-timing: name: pingtoolkit repository: pingidentity repositoryFqn: - tag: "2304" + tag: "2307" pullPolicy: IfNotPresent envs: @@ -1676,7 +1686,7 @@ pingtoolkit: name: pingtoolkit repository: pingidentity repositoryFqn: - tag: "2304" + tag: "2307" pullPolicy: IfNotPresent ############################################################# diff --git a/docs/config/image.md b/docs/config/image.md index 0b8d5603..fd266916 100644 --- a/docs/config/image.md +++ b/docs/config/image.md @@ -11,8 +11,10 @@ global: image: repository: pingidentity name: # Set in product section - tag: 2201 + tag: 2307 pullPolicy: Always + imagePullSecrets: [] # As needed for authentication to private repositories + # - name: myregkeysecretname ``` ## Product Section @@ -33,4 +35,4 @@ pingaccess-admin: repository: my.company.docker-repo.com ``` - This would result in pulling a pingaccess image: `my.company.docker-repo.com/pingaccess:edge` + This snippet would result in pulling a PingAccess image: `my.company.docker-repo.com/pingaccess:edge` diff --git a/docs/config/private-cert.md b/docs/config/private-cert.md index e9a4d89a..91cfbe52 100644 --- a/docs/config/private-cert.md +++ b/docs/config/private-cert.md @@ -4,6 +4,9 @@ Generates a private certificate (.crt and .key) based on the internal hostname o ## Global Section +!!! Note + privateCert is currently only supported by PingAccess. + Default yaml defined in the global privateCert section. By default certificates will not be generated. It is advised to *NOT* generate internal certs at the global level, as many services don't need a private cert on the internal service. @@ -63,5 +66,5 @@ keystore.env. The default variables set are: * `PRIVATE_KEYSTORE_TYPE=pkcs12` * `PRIVATE_KEYSTORE={pkcs12 keystore}` -These environment variables can then be used in any server-profile artifacts to be replaced -when the images are started. +These environment variables are required in the `data.json.subst` file in-order to use the generated privateCert. They can be +used in any server-profile artifacts to be replaced when the images are started. \ No newline at end of file diff --git a/docs/config/supported-values.md b/docs/config/supported-values.md index 37c324a0..ed39cd99 100644 --- a/docs/config/supported-values.md +++ b/docs/config/supported-values.md @@ -34,7 +34,7 @@ overridden by default (workloads, services, etc.). | `global.image.repository` | Default image registry is not the fully-qualified name of the image Example: image.repository: pingidentity, docker.io, 123.dkr.ecr.us-west-1.amazonaws.com | `pingidentity` | | `global.image.repositoryFqn` | Docker image repository fully-qualified name. Overrides image.repository and image.name on the pod image spec Example: image.repositoryFqn: pingidentity/pingfederate, docker.io/my-pingfederate | | | `global.image.name` | Default image name MUST be set in child chart Example: image.name: pingfederate | | -| `global.image.tag` | Default image tag | `2304` | +| `global.image.tag` | Default image tag | `2307` | | `global.image.pullPolicy` | Default image pull policy | `IfNotPresent` | | `global.rbac.generateServiceAccount` | Set to true to generate a service account for the workload. | `false` | | `global.rbac.serviceAccountName` | Name of the service account that will be generated. The default value of "_defaultServiceAccountName_" will result in a service account named based on the Helm installation and the specific workload being deployed. If generateServiceAccount and generateGlobalServiceAccount are false, this value can also refer to a service account created outside of Helm. | `_defaultServiceAccountName_` | diff --git a/docs/index.yaml b/docs/index.yaml index 208613c7..dcb0f24f 100644 --- a/docs/index.yaml +++ b/docs/index.yaml @@ -1,6 +1,42 @@ apiVersion: v1 entries: ping-devops: + - apiVersion: v2 + appVersion: "2307" + created: "2023-08-02T09:41:23.772943-05:00" + description: Ping Identity helm charts - 8/02/2023 + digest: 05003c8a940a45f23b962dd21de06b3138c65f0ff38831ea78293c5d89cdd5f7 + home: https://helm.pingidentity.com/ + icon: https://helm.pingidentity.com/img/logos/ping.png + name: ping-devops + type: application + urls: + - https://github.com/pingidentity/helm-charts/releases/download/ping-devops-0.9.16/ping-devops-0.9.16.tgz + version: 0.9.16 + - apiVersion: v2 + appVersion: "2306" + created: "2023-07-13T12:26:17.124079-05:00" + description: Ping Identity helm charts - 7/13/2023 + digest: 9fce34526f5dda58b706c8825bf46d61d110df064c28db20567d9774492159c2 + home: https://helm.pingidentity.com/ + icon: https://helm.pingidentity.com/img/logos/ping.png + name: ping-devops + type: application + urls: + - https://github.com/pingidentity/helm-charts/releases/download/ping-devops-0.9.15/ping-devops-0.9.15.tgz + version: 0.9.15 + - apiVersion: v2 + appVersion: "2305" + created: "2023-06-02T13:51:22.790211-05:00" + description: Ping Identity helm charts - 6/02/2023 + digest: 3c4e3f5ec1fa7f6701dd727f192ff0462767af38ccf615016a81e807fae2af28 + home: https://helm.pingidentity.com/ + icon: https://helm.pingidentity.com/img/logos/ping.png + name: ping-devops + type: application + urls: + - https://github.com/pingidentity/helm-charts/releases/download/ping-devops-0.9.14/ping-devops-0.9.14.tgz + version: 0.9.14 - apiVersion: v2 appVersion: "2304" created: "2023-05-04T16:40:21.09632-05:00" @@ -972,4 +1008,4 @@ entries: urls: - https://github.com/pingidentity/helm-charts/releases/download/ping-devops-0.2.0/ping-devops-0.2.0.tgz version: 0.2.0 -generated: "2023-05-04T16:40:21.090967-05:00" +generated: "2023-08-02T09:41:23.767795-05:00" diff --git a/docs/release-notes/currentRelease.md b/docs/release-notes/currentRelease.md index c5716ac3..79d223d8 100644 --- a/docs/release-notes/currentRelease.md +++ b/docs/release-notes/currentRelease.md @@ -1,4 +1,4 @@ # Release Notes -## Release 0.9.13 (May 04, 2023) +## Release 0.9.16 (August 2, 2023) ### Features ### - - Updated default global image tag to `2304`. + - Updated default global image tag to `2307`. diff --git a/docs/release-notes/previousReleases.md b/docs/release-notes/previousReleases.md index 372f4b66..a88a13c1 100644 --- a/docs/release-notes/previousReleases.md +++ b/docs/release-notes/previousReleases.md @@ -1,4 +1,19 @@ # Release Notes +## Release 0.9.15 (July 13, 2023) +### Features ### + - Updated default global image tag to `2306`. + +### Enhancements ### + - Updated template to allow setting a custom workload type when using a HorizontalPodAutoscaler. + +## Release 0.9.14 (June 02, 2023) +### Features ### + - Updated default global image tag to `2305`. + +## Release 0.9.13 (May 04, 2023) +### Features ### + - Updated default global image tag to `2304`. + ## Release 0.9.12 (April 03, 2023) ### Features ### - Updated default global image tag to `2303`. diff --git a/helm-tests/template-tests/autoscaling.yaml b/helm-tests/template-tests/autoscaling.yaml index 63487065..7292a6fa 100644 --- a/helm-tests/template-tests/autoscaling.yaml +++ b/helm-tests/template-tests/autoscaling.yaml @@ -17,6 +17,8 @@ pingfederate-admin: pingfederate-engine: enabled: true + workload: + type: StatefulSet pingaccess-engine: enabled: true @@ -43,39 +45,63 @@ apiVersion: autoscaling/v2 kind: HorizontalPodAutoscaler metadata: name: autoscaling-pingfederate-admin +spec: + scaleTargetRef: + kind: Deployment --- apiVersion: autoscaling/v2 kind: HorizontalPodAutoscaler metadata: name: autoscaling-pingfederate-engine +spec: + scaleTargetRef: + kind: StatefulSet --- apiVersion: autoscaling/v2 kind: HorizontalPodAutoscaler metadata: name: autoscaling-pingaccess-engine +spec: + scaleTargetRef: + kind: Deployment --- apiVersion: autoscaling/v2 kind: HorizontalPodAutoscaler metadata: name: autoscaling-pingdataconsole +spec: + scaleTargetRef: + kind: Deployment --- apiVersion: autoscaling/v2 kind: HorizontalPodAutoscaler metadata: name: autoscaling-pingauthorize +spec: + scaleTargetRef: + kind: Deployment --- apiVersion: autoscaling/v2 kind: HorizontalPodAutoscaler metadata: name: autoscaling-pingauthorizepap +spec: + scaleTargetRef: + kind: Deployment --- apiVersion: autoscaling/v2 kind: HorizontalPodAutoscaler metadata: name: autoscaling-pingcentral +spec: + scaleTargetRef: + kind: Deployment --- apiVersion: autoscaling/v2 kind: HorizontalPodAutoscaler metadata: name: autoscaling-pingdelegator +spec: + scaleTargetRef: + kind: Deployment --- diff --git a/helm-tests/template-tests/imagePullSecrets.yaml b/helm-tests/template-tests/imagePullSecrets.yaml new file mode 100644 index 00000000..251773ff --- /dev/null +++ b/helm-tests/template-tests/imagePullSecrets.yaml @@ -0,0 +1,26 @@ +# This test covers including imagePullSecrets in your global values. + +### SECTION:PARAMETERS ### +# If the releaseName parameter is not set, then a default release name +# matching the name of the file (without the extension) will be used. +releaseName: imagepullsecrets +# Set skipTest to true to make the script skip this test +skipTest: false +### SECTION:VALUES ### +global: + imagePullSecrets: + - name: myregkeysecretname +pingdirectory: + enabled: true +### SECTION:EXPECTED ### +# Validate that imagePullSecrets is in the spec for the PD StatefulSet +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: imagepullsecrets-pingdirectory +spec: + template: + spec: + imagePullSecrets: + - name: myregkeysecretname +--- \ No newline at end of file