From 38be6c5dcd4ed7bff0c830d8eefe98962310c54d Mon Sep 17 00:00:00 2001 From: Khoi Pham Date: Mon, 20 Jan 2025 17:09:18 +0700 Subject: [PATCH 1/2] [bitnami/etcd] Add pre-upgrade hook (#31161) --- bitnami/etcd/CHANGELOG.md | 8 +- bitnami/etcd/Chart.yaml | 4 +- bitnami/etcd/README.md | 11 +- .../etcd/templates/preupgrade-hook-job.yaml | 173 ++++++++++++++++++ bitnami/etcd/templates/statefulset.yaml | 8 - bitnami/etcd/values.yaml | 13 +- 6 files changed, 190 insertions(+), 27 deletions(-) create mode 100644 bitnami/etcd/templates/preupgrade-hook-job.yaml diff --git a/bitnami/etcd/CHANGELOG.md b/bitnami/etcd/CHANGELOG.md index 3736b01f4aa133..ff340b883ef257 100644 --- a/bitnami/etcd/CHANGELOG.md +++ b/bitnami/etcd/CHANGELOG.md @@ -1,8 +1,12 @@ # Changelog -## 10.7.3 (2025-01-17) +## 11.0.0 (2025-01-20) -* [bitnami/etcd] Release 10.7.3 ([#31419](https://github.com/bitnami/charts/pull/31419)) +* [bitnami/etcd] Add pre-upgrade hook ([#31161](https://github.com/bitnami/charts/pull/31161)) + +## 10.7.3 (2025-01-17) + +* [bitnami/etcd] Release 10.7.3 (#31419) ([7ef8d56](https://github.com/bitnami/charts/commit/7ef8d562ec9953460d675b02cfbce336ab66bceb)), closes [#31419](https://github.com/bitnami/charts/issues/31419) ## 10.7.2 (2025-01-12) diff --git a/bitnami/etcd/Chart.yaml b/bitnami/etcd/Chart.yaml index cb95a7fa460e56..a0a2f012f9206f 100644 --- a/bitnami/etcd/Chart.yaml +++ b/bitnami/etcd/Chart.yaml @@ -6,7 +6,7 @@ annotations: licenses: Apache-2.0 images: | - name: etcd - image: docker.io/bitnami/etcd:3.5.17-debian-12-r3 + image: docker.io/bitnami/etcd:3.5.17-debian-12-r4 - name: os-shell image: docker.io/bitnami/os-shell:12-debian-12-r35 apiVersion: v2 @@ -32,4 +32,4 @@ maintainers: name: etcd sources: - https://github.com/bitnami/charts/tree/main/bitnami/etcd -version: 10.7.3 +version: 11.0.0 diff --git a/bitnami/etcd/README.md b/bitnami/etcd/README.md index 25ffe0c920ff02..95a26fae2fcd8d 100644 --- a/bitnami/etcd/README.md +++ b/bitnami/etcd/README.md 
@@ -109,7 +109,6 @@ Here is an example of the environment configuration bootstrapping an etcd cluste | 2 | ETCD_NAME | etcd-2 | | 2 | ETCD_INITIAL_ADVERTISE_PEER_URLS | | |---------|----------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| * | ETCD_INITIAL_CLUSTER_STATE | new | | * | ETCD_INITIAL_CLUSTER_TOKEN | etcd-cluster-k8s | | * | ETCD_INITIAL_CLUSTER | etcd-0=,etcd-1=,etcd-2= | @@ -405,11 +404,9 @@ If you encounter errors when working with persistent volumes, refer to our [trou | `auth.peer.caFilename` | Name of the file containing the peer CA certificate | `""` | | `autoCompactionMode` | Auto compaction mode, by default periodic. Valid values: "periodic", "revision". | `""` | | `autoCompactionRetention` | Auto compaction retention for mvcc key value store in hour, by default 0, means disabled | `""` | -| `initialClusterState` | Initial cluster state. Allowed values: 'new' or 'existing' | `""` | | `initialClusterToken` | Initial cluster token. Can be used to protect etcd from cross-cluster-interaction, which might corrupt the clusters. | `etcd-cluster-k8s` | | `logLevel` | Sets the log level for the etcd process. Allowed values: 'debug', 'info', 'warn', 'error', 'panic', 'fatal' | `info` | | `maxProcs` | Limits the number of operating system threads that can execute user-level | `""` | -| `removeMemberOnContainerTermination` | Use a PreStop hook to remove the etcd members from the etcd cluster on container termination | `true` | | `configuration` | etcd configuration. Specify content for etcd.conf.yml | `""` | | `existingConfigmap` | Existing ConfigMap with etcd configuration | `""` | | `extraEnvVars` | Extra environment variables to be set on etcd container | `[]` | 
@@ -704,6 +701,14 @@ Find more information about how to deal with common errors related to Bitnami's ## Upgrading +### To 11.0.0 + +This version introduces the following breaking changes: + +- Remove `initialClusterState` which was unreliable at detecting cluster state. From now on, each node will contact other members to determine cluster state. If no members are available and the data dir is empty, then it bootstraps a new cluster. +- Remove `removeMemberOnContainerTermination` which was unreliable at removing stale members during replica count updates. Instead, a pre-upgrade hook is added to check and remove stale members. +- Remove support for manual scaling with `kubectl` or autoscaler. Upgrading of any kind including increasing replica count must be done with `helm upgrade` exclusively. CD automation tools that respect Helm hooks such as ArgoCD can also be used. + ### To 10.7.0 This version introduces image verification for security purposes. To disable it, set `global.security.allowInsecureImages` to `true`. More details at [GitHub issue](https://github.com/bitnami/charts/issues/30850). diff --git a/bitnami/etcd/templates/preupgrade-hook-job.yaml b/bitnami/etcd/templates/preupgrade-hook-job.yaml new file mode 100644 index 00000000000000..2251e5b19ec9d2 --- /dev/null +++ b/bitnami/etcd/templates/preupgrade-hook-job.yaml 
@@ -0,0 +1,173 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} +apiVersion: {{ include "common.capabilities.job.apiVersion" . }} +kind: Job +metadata: + name: {{ include "common.names.fullname" . }}-pre-upgrade + namespace: {{ .Release.Namespace | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: etcd-pre-upgrade-job + {{- $defaultAnnotations := dict "helm.sh/hook" "pre-upgrade" "helm.sh/hook-delete-policy" "before-hook-creation" }} + {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.commonAnnotations $defaultAnnotations ) "context" . ) }} + annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $ ) | nindent 4 }} +spec: + {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.podLabels .Values.commonLabels ) "context" . ) }} + template: + metadata: + labels: {{- include "common.labels.standard" ( dict "customLabels" $podLabels "context" $ ) | nindent 8 }} + app.kubernetes.io/component: etcd-pre-upgrade-job + annotations: + {{- if .Values.podAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.podAnnotations "context" $) | nindent 8 }} + {{- end }} + {{- if (include "etcd.createConfigmap" .) }} + checksum/configuration: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} + {{- end }} + {{- if (include "etcd.token.createSecret" .) }} + checksum/token-secret: {{ include (print $.Template.BasePath "/token-secrets.yaml") . | sha256sum }} + {{- end }} + spec: + {{- include "etcd.imagePullSecrets" . 
| nindent 6 }} + automountServiceAccountToken: {{ .Values.automountServiceAccountToken }} + {{- if .Values.affinity }} + affinity: {{- include "common.tplvalues.render" (dict "value" .Values.affinity "context" $) | nindent 8 }} + {{- else }} + affinity: + podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAffinityPreset "component" "etcd-pre-upgrade-job" "customLabels" $podLabels "context" $) | nindent 10 }} + podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAntiAffinityPreset "component" "etcd-pre-upgrade-job" "customLabels" $podLabels "context" $) | nindent 10 }} + nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.nodeAffinityPreset.type "key" .Values.nodeAffinityPreset.key "values" .Values.nodeAffinityPreset.values) | nindent 10 }} + {{- end }} + {{- if .Values.nodeSelector }} + nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.nodeSelector "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.tolerations }} + tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.tolerations "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.terminationGracePeriodSeconds }} + terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }} + {{- end }} + {{- if .Values.schedulerName }} + schedulerName: {{ .Values.schedulerName }} + {{- end }} + {{- if .Values.topologySpreadConstraints }} + topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.topologySpreadConstraints "context" .) | nindent 8 }} + {{- end }} + restartPolicy: Never + containers: + {{- $replicaCount := int .Values.replicaCount }} + {{- $peerPort := int .Values.containerPorts.peer }} + {{- $etcdFullname := include "common.names.fullname" . 
}} + {{- $releaseNamespace := .Release.Namespace }} + {{- $etcdHeadlessServiceName := (printf "%s-%s" $etcdFullname "headless" | trunc 63 | trimSuffix "-") }} + {{- $clusterDomain := .Values.clusterDomain }} + {{- $etcdPeerProtocol := include "etcd.peerProtocol" . }} + - name: pre-upgrade-job + image: {{ include "etcd.image" . }} + imagePullPolicy: {{ .Values.image.pullPolicy | quote }} + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.containerSecurityContext "context" $) | nindent 12 }} + {{- end }} + command: [ "/opt/bitnami/scripts/etcd/entrypoint.sh" ] + args: [ "/opt/bitnami/scripts/etcd/preupgrade.sh" ] + env: + - name: BITNAMI_DEBUG + value: {{ ternary "true" "false" (or .Values.image.debug .Values.diagnosticMode.enabled) | quote }} + - name: ETCD_ON_K8S + value: "yes" + - name: ETCD_DATA_DIR + value: "/bitnami/etcd/data" + {{- if or .Values.auth.rbac.create .Values.auth.rbac.enabled }} + - name: ETCD_ROOT_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "etcd.secretName" . }} + key: {{ include "etcd.secretPasswordKey" . 
}} + {{- end }} + {{- if gt $replicaCount 1 }} + {{- $initialCluster := list }} + {{- range $e, $i := until $replicaCount }} + {{- $initialCluster = append $initialCluster (printf "%s-%d=%s://%s-%d.%s.%s.svc.%s:%d" $etcdFullname $i $etcdPeerProtocol $etcdFullname $i $etcdHeadlessServiceName $releaseNamespace $clusterDomain $peerPort) }} + {{- end }} + - name: ETCD_INITIAL_CLUSTER + value: {{ join "," $initialCluster | quote }} + {{- end }} + {{- if and .Values.auth.client.secureTransport .Values.auth.client.useAutoTLS }} + - name: ETCD_AUTO_TLS + value: "true" + {{- else if .Values.auth.client.secureTransport }} + - name: ETCD_CERT_FILE + value: "/opt/bitnami/etcd/certs/client/{{ .Values.auth.client.certFilename }}" + - name: ETCD_KEY_FILE + value: "/opt/bitnami/etcd/certs/client/{{ .Values.auth.client.certKeyFilename }}" + {{- if .Values.auth.client.enableAuthentication }} + - name: ETCD_CLIENT_CERT_AUTH + value: "true" + - name: ETCD_TRUSTED_CA_FILE + value: "/opt/bitnami/etcd/certs/client/{{ .Values.auth.client.caFilename | default "ca.crt" }}" + {{- else if .Values.auth.client.caFilename }} + - name: ETCD_TRUSTED_CA_FILE + value: "/opt/bitnami/etcd/certs/client/{{ .Values.auth.client.caFilename | default "ca.crt" }}" + {{- end }} + {{- end }} + {{- if .Values.extraEnvVars }} + {{- include "common.tplvalues.render" (dict "value" .Values.extraEnvVars "context" $) | nindent 12 }} + {{- end }} + envFrom: + {{- if .Values.extraEnvVarsCM }} + - configMapRef: + name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsCM "context" $) }} + {{- end }} + {{- if .Values.extraEnvVarsSecret }} + - secretRef: + name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsSecret "context" $) }} + {{- end }} + volumeMounts: + {{- if or .Values.configuration .Values.existingConfigmap }} + - name: configuration + mountPath: /opt/bitnami/etcd/conf/ + {{- else }} + - name: empty-dir + mountPath: /opt/bitnami/etcd/conf/ + subPath: app-conf-dir + 
{{- end }} + - name: empty-dir + mountPath: /tmp + subPath: tmp-dir + {{- if and (eq .Values.auth.token.enabled true) (eq .Values.auth.token.type "jwt") }} + - name: etcd-jwt-token + mountPath: /opt/bitnami/etcd/certs/token/ + readOnly: true + {{- end }} + {{- if or .Values.auth.client.enableAuthentication (and .Values.auth.client.secureTransport (not .Values.auth.client.useAutoTLS )) }} + - name: etcd-client-certs + mountPath: /opt/bitnami/etcd/certs/client/ + readOnly: true + {{- end }} + {{- if .Values.extraVolumeMounts }} + {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumeMounts "context" $) | nindent 12 }} + {{- end }} + volumes: + - name: empty-dir + emptyDir: {} + {{- if or .Values.configuration .Values.existingConfigmap }} + - name: configuration + configMap: + name: {{ include "etcd.configmapName" . }} + {{- end }} + {{- if and (eq .Values.auth.token.enabled true) (eq .Values.auth.token.type "jwt") }} + - name: etcd-jwt-token + secret: + secretName: {{ include "etcd.token.secretName" . }} + defaultMode: 256 + {{- end }} + {{- if or .Values.auth.client.enableAuthentication (and .Values.auth.client.secureTransport (not .Values.auth.client.useAutoTLS )) }} + - name: etcd-client-certs + secret: + secretName: {{ required "A secret containing the client certificates is required" (tpl .Values.auth.client.existingSecret .) }} + defaultMode: 256 + {{- end }} + {{- if .Values.extraVolumes }} + {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumes "context" $) | nindent 8 }} + {{- end }} \ No newline at end of file diff --git a/bitnami/etcd/templates/statefulset.yaml b/bitnami/etcd/templates/statefulset.yaml index cd4ca62bbb5f3d..778479ff835d6d 100644 --- a/bitnami/etcd/templates/statefulset.yaml +++ b/bitnami/etcd/templates/statefulset.yaml 
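Review bot: The hook pod in `preupgrade-hook-job.yaml` mounts `etcd-client-certs` and `etcd-jwt-token` with `defaultMode: 256` (0400), but its pod `spec` sets no pod-level `securityContext`, so no `fsGroup` is applied to those secret volumes. If `.Values.containerSecurityContext` makes the container run as a non-root user, the files stay root-owned and unreadable, and the TLS or JWT path of `preupgrade.sh` would presumably fail and block the upgrade. Rendering the same pod-level security context that the StatefulSet uses (not visible in this patch) would close that gap. The pod also sets no `serviceAccountName` while taking `automountServiceAccountToken` from the shared value, so it can end up with the namespace's default token mounted; if the script only talks to etcd, `automountServiceAccountToken: false` is the safer fixed value here. Separately, the Job sets neither `backoffLimit` nor `activeDeadlineSeconds`, so a failing member check is retried with the Job defaults before `helm upgrade` gives up.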
@@ -206,8 +206,6 @@ spec: {{- if gt $replicaCount 1 }} - name: ETCD_INITIAL_CLUSTER_TOKEN value: {{ .Values.initialClusterToken | quote }} - - name: ETCD_INITIAL_CLUSTER_STATE - value: {{ default (ternary "new" "existing" .Release.IsInstall) .Values.initialClusterState | quote }} {{- $initialCluster := list }} {{- range $e, $i := until $replicaCount }} {{- $initialCluster = append $initialCluster (printf "%s-%d=%s://%s-%d.%s.%s.svc.%s:%d" $etcdFullname $i $etcdPeerProtocol $etcdFullname $i $etcdHeadlessServiceName $releaseNamespace $clusterDomain $peerPort) }} @@ -326,12 +324,6 @@ spec: {{- end }} {{- if .Values.lifecycleHooks }} lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.lifecycleHooks "context" $) | nindent 12 }} - {{- else if and (gt $replicaCount 1) .Values.removeMemberOnContainerTermination }} - lifecycle: - preStop: - exec: - command: - - /opt/bitnami/scripts/etcd/prestop.sh {{- end }} {{- end }} {{- if .Values.resources }} diff --git a/bitnami/etcd/values.yaml b/bitnami/etcd/values.yaml index a66fc92dc66490..c8a2206c8d92d1 100644 --- a/bitnami/etcd/values.yaml +++ b/bitnami/etcd/values.yaml @@ -86,7 +86,7 @@ diagnosticMode: image: registry: docker.io repository: bitnami/etcd - tag: 3.5.17-debian-12-r3 + tag: 3.5.17-debian-12-r4 digest: "" ## @param image.pullPolicy etcd image pull policy ## Specify a imagePullPolicy 
@@ -215,12 +215,6 @@ autoCompactionMode: "" ## @param autoCompactionRetention Auto compaction retention for mvcc key value store in hour, by default 0, means disabled ## autoCompactionRetention: "" -## @param initialClusterState Initial cluster state. Allowed values: 'new' or 'existing' -## If this values is not set, the default values below are set: -## - 'new': when installing the chart ('helm install ...') -## - 'existing': when upgrading the chart ('helm upgrade ...') -## -initialClusterState: "" ## @param initialClusterToken Initial cluster token. Can be used to protect etcd from cross-cluster-interaction, which might corrupt the clusters. ## If spinning up multiple clusters (or creating and destroying a single cluster) ## with same configuration for testing purpose, it is highly recommended that each cluster is given a unique initial-cluster-token. @@ -235,11 +229,6 @@ logLevel: "info" ## ref: https://golang.org/pkg/runtime ## maxProcs: "" -## @param removeMemberOnContainerTermination Use a PreStop hook to remove the etcd members from the etcd cluster on container termination -## they the containers are terminated. Set to 'false' if appears an error-related member ID wasn't properly stored. -## NOTE: Ignored if lifecycleHooks is set or replicaCount=1 -## -removeMemberOnContainerTermination: true ## @param configuration etcd configuration. Specify content for etcd.conf.yml ## e.g: ## configuration: |- From 422b3a72023f2c47fded9e3d696c855540d1b158 Mon Sep 17 00:00:00 2001 From: JulesdeCube <41579596+JulesdeCube@users.noreply.github.com> Date: Mon, 20 Jan 2025 11:11:20 +0100 Subject: [PATCH 2/2] [bitnami/clickhouse] Fix: bind ipv6 and ipv4 by default (#31200) * fix(clickhouse): bind ipv6 and ipv4 by default Modify `defaultConfigurationOverrides` to listen on ipv4 and ipv6 and replace the default launch args of the `setup.sh` to accept args 
Signed-off-by: Jules Lefebvre * chore(clickhouse): increase chart version to 7.2.0 Increase clickhouse version number from 7.1.5 to 7.2.0 Signed-off-by: Jules Lefebvre * Update CHANGELOG.md Signed-off-by: Bitnami Containers --------- Signed-off-by: Jules Lefebvre Signed-off-by: Bitnami Containers Co-authored-by: Jules Lefebvre Co-authored-by: Bitnami Containers --- bitnami/clickhouse/CHANGELOG.md | 8 ++++++-- bitnami/clickhouse/Chart.yaml | 2 +- bitnami/clickhouse/templates/scripts-configmap.yaml | 2 +- bitnami/clickhouse/values.yaml | 3 +++ 4 files changed, 11 insertions(+), 4 deletions(-) diff --git a/bitnami/clickhouse/CHANGELOG.md b/bitnami/clickhouse/CHANGELOG.md index 6078fc41dfdaa2..5175344f483e0d 100644 --- a/bitnami/clickhouse/CHANGELOG.md +++ b/bitnami/clickhouse/CHANGELOG.md @@ -1,8 +1,12 @@ # Changelog -## 7.1.6 (2025-01-17) +## 7.2.0 (2025-01-17) -* [bitnami/clickhouse] Release 7.1.6 ([#31450](https://github.com/bitnami/charts/pull/31450)) +* [bitnami/clickhouse] Fix: bind ipv6 and ipv4 by default ([#31200](https://github.com/bitnami/charts/pull/31200)) + +## 7.1.6 (2025-01-17) + +* [bitnami/clickhouse] Release 7.1.6 (#31450) ([aca9954](https://github.com/bitnami/charts/commit/aca99540e8ba61cfab493704c56520fc2f010849)), closes [#31450](https://github.com/bitnami/charts/issues/31450) ## 7.1.5 (2025-01-14) diff --git a/bitnami/clickhouse/Chart.yaml b/bitnami/clickhouse/Chart.yaml index 98eb960c51ce8d..a063ba94857b58 100644 --- a/bitnami/clickhouse/Chart.yaml +++ b/bitnami/clickhouse/Chart.yaml @@ -33,4 +33,4 @@ maintainers: name: clickhouse sources: - https://github.com/bitnami/charts/tree/main/bitnami/clickhouse -version: 7.1.6 +version: 7.2.0 diff --git a/bitnami/clickhouse/templates/scripts-configmap.yaml b/bitnami/clickhouse/templates/scripts-configmap.yaml index 1a4288de4064e9..e3f6dd189c690a 100644 --- a/bitnami/clickhouse/templates/scripts-configmap.yaml +++ b/bitnami/clickhouse/templates/scripts-configmap.yaml 
@@ -31,4 +31,4 @@ data: exit 1 fi fi - exec /opt/bitnami/scripts/clickhouse/entrypoint.sh /opt/bitnami/scripts/clickhouse/run.sh -- --listen_host=0.0.0.0 + exec /opt/bitnami/scripts/clickhouse/entrypoint.sh /opt/bitnami/scripts/clickhouse/run.sh "$@" diff --git a/bitnami/clickhouse/values.yaml b/bitnami/clickhouse/values.yaml index 7d8827eca1fbc6..e000859a88b2ed 100644 --- a/bitnami/clickhouse/values.yaml +++ b/bitnami/clickhouse/values.yaml @@ -415,6 +415,9 @@ defaultConfigurationOverrides: | true {{- end }} + 0.0.0.0 + :: + 1 ## @param existingOverridesConfigmap The name of an existing ConfigMap with your custom configuration for ClickHouse ##
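Review bot: With `-- --listen_host=0.0.0.0` dropped from the `exec` line in `scripts-configmap.yaml`, the listen address now comes only from the lines added to `defaultConfigurationOverrides` in `bitnami/clickhouse/values.yaml` and from whatever the caller passes through `"$@"`. A release that supplies its own overrides (for example through `existingOverridesConfigmap`, if that replaces the default block) would no longer get a wildcard bind. It may then fall back to the server's own default listen address and become unreachable from other pods, so the chart's upgrade notes should say so. The new default also binds every IPv4 and IPv6 interface of the pod, so I would add a comment above the added lines such as `## Listens on all IPv4 and IPv6 addresses; restrict access with a NetworkPolicy or the Service type`. The script body starts outside this hunk, so how `"$@"` is populated is not visible here.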