From c228ddb12e780bd3cf3c81a763e7ca1b5913b821 Mon Sep 17 00:00:00 2001 From: svcAPLBot <174728082+svcAPLBot@users.noreply.github.com> Date: Fri, 15 Aug 2025 00:52:40 +0000 Subject: [PATCH] chore(chart-deps): update metrics-server to version 7.4.12 --- chart/chart-index/Chart.yaml | 2 +- charts/metrics-server/Chart.lock | 6 +++--- charts/metrics-server/Chart.yaml | 4 ++-- charts/metrics-server/README.md | 11 ++++++++++ .../metrics-server/charts/common/Chart.yaml | 4 ++-- charts/metrics-server/charts/common/README.md | 16 ++++++++++----- .../charts/common/templates/_capabilities.tpl | 2 +- .../charts/common/templates/_errors.tpl | 15 ++++++++++---- .../charts/common/templates/_ingress.tpl | 20 ------------------- .../charts/common/templates/_names.tpl | 7 ++++--- charts/metrics-server/templates/NOTES.txt | 4 +++- charts/metrics-server/values.yaml | 2 +- 12 files changed, 50 insertions(+), 43 deletions(-) diff --git a/chart/chart-index/Chart.yaml b/chart/chart-index/Chart.yaml index d6807bbd96..16a3acc9de 100644 --- a/chart/chart-index/Chart.yaml +++ b/chart/chart-index/Chart.yaml @@ -69,7 +69,7 @@ dependencies: version: 0.79.4 repository: https://grafana.github.io/helm-charts - name: metrics-server - version: 7.4.10 + version: 7.4.12 repository: https://charts.bitnami.com/bitnami - name: minio version: 11.10.13 diff --git a/charts/metrics-server/Chart.lock b/charts/metrics-server/Chart.lock index 69f3df503d..a6f8bb6e5e 100644 --- a/charts/metrics-server/Chart.lock +++ b/charts/metrics-server/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: common repository: oci://registry-1.docker.io/bitnamicharts - version: 2.31.0 -digest: sha256:c4c9af4e0ca23cf2c549e403b2a2bba2c53a3557cee23da09fa4cdf710044c2c -generated: "2025-05-06T10:38:35.726162187+02:00" + version: 2.31.4 +digest: sha256:fc442e77200e1914dd46fe26490dcf62f44caa51db673c2f8e67d5319cd4c163 +generated: "2025-08-14T12:34:25.773130173Z" diff --git a/charts/metrics-server/Chart.yaml b/charts/metrics-server/Chart.yaml index 76064db388..f4c4ad1c49 100644 --- a/charts/metrics-server/Chart.yaml +++ b/charts/metrics-server/Chart.yaml @@ -2,7 +2,7 @@ annotations: category: Analytics images: | - name: metrics-server - image: docker.io/bitnami/metrics-server:0.8.0-debian-12-r1 + image: docker.io/bitnami/metrics-server:0.8.0-debian-12-r4 licenses: Apache-2.0 tanzuCategory: clusterUtility apiVersion: v2 @@ -28,4 +28,4 @@ maintainers: name: metrics-server sources: - https://github.com/bitnami/charts/tree/main/bitnami/metrics-server -version: 7.4.10 +version: 7.4.12 diff --git a/charts/metrics-server/README.md b/charts/metrics-server/README.md index 7375572b6e..adc3e1d1bc 100644 --- a/charts/metrics-server/README.md +++ b/charts/metrics-server/README.md @@ -16,6 +16,17 @@ helm install my-release oci://registry-1.docker.io/bitnamicharts/metrics-server Looking to use Metrics Server in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the commercial edition of the Bitnami catalog. +## ⚠️ Important Notice: Upcoming changes to the Bitnami Catalog + +Beginning August 28th, 2025, Bitnami will evolve its public catalog to offer a curated set of hardened, security-focused images under the new [Bitnami Secure Images initiative](https://news.broadcom.com/app-dev/broadcom-introduces-bitnami-secure-images-for-production-ready-containerized-applications). As part of this transition: + +- Granting community users access for the first time to security-optimized versions of popular container images. +- Bitnami will begin deprecating support for non-hardened, Debian-based software images in its free tier and will gradually remove non-latest tags from the public catalog. As a result, community users will have access to a reduced number of hardened images. These images are published only under the “latest” tag and are intended for development purposes +- Starting August 28th, over two weeks, all existing container images, including older or versioned tags (e.g., 2.50.0, 10.6), will be migrated from the public catalog (docker.io/bitnami) to the “Bitnami Legacy” repository (docker.io/bitnamilegacy), where they will no longer receive updates. +- For production workloads and long-term support, users are encouraged to adopt Bitnami Secure Images, which include hardened containers, smaller attack surfaces, CVE transparency (via VEX/KEV), SBOMs, and enterprise support. + +These changes aim to improve the security posture of all Bitnami users by promoting best practices for software supply chain integrity and up-to-date deployments. For more details, visit the [Bitnami Secure Images announcement](https://github.com/bitnami/containers/issues/83267). + ## Introduction This chart bootstraps a [Metrics Server](https://github.com/bitnami/containers/tree/main/bitnami/metrics-server) deployment on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. diff --git a/charts/metrics-server/charts/common/Chart.yaml b/charts/metrics-server/charts/common/Chart.yaml index 49ec73d7c0..fb04f761e7 100644 --- a/charts/metrics-server/charts/common/Chart.yaml +++ b/charts/metrics-server/charts/common/Chart.yaml @@ -2,7 +2,7 @@ annotations: category: Infrastructure licenses: Apache-2.0 apiVersion: v2 -appVersion: 2.31.0 +appVersion: 2.31.4 description: A Library Helm Chart for grouping common logic between bitnami charts. This chart is not deployable by itself. home: https://bitnami.com @@ -20,4 +20,4 @@ name: common sources: - https://github.com/bitnami/charts/tree/main/bitnami/common type: library -version: 2.31.0 +version: 2.31.4 diff --git a/charts/metrics-server/charts/common/README.md b/charts/metrics-server/charts/common/README.md index b84bbbabfc..71368aa7a2 100644 --- a/charts/metrics-server/charts/common/README.md +++ b/charts/metrics-server/charts/common/README.md @@ -26,12 +26,21 @@ data: Looking to use our applications in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the commercial edition of the Bitnami catalog. +## ⚠️ Important Notice: Upcoming changes to the Bitnami Catalog + +Beginning August 28th, 2025, Bitnami will evolve its public catalog to offer a curated set of hardened, security-focused images under the new [Bitnami Secure Images initiative](https://news.broadcom.com/app-dev/broadcom-introduces-bitnami-secure-images-for-production-ready-containerized-applications). As part of this transition: + +- Granting community users access for the first time to security-optimized versions of popular container images. +- Bitnami will begin deprecating support for non-hardened, Debian-based software images in its free tier and will gradually remove non-latest tags from the public catalog. As a result, community users will have access to a reduced number of hardened images. These images are published only under the “latest” tag and are intended for development purposes +- Starting August 28th, over two weeks, all existing container images, including older or versioned tags (e.g., 2.50.0, 10.6), will be migrated from the public catalog (docker.io/bitnami) to the “Bitnami Legacy” repository (docker.io/bitnamilegacy), where they will no longer receive updates. +- For production workloads and long-term support, users are encouraged to adopt Bitnami Secure Images, which include hardened containers, smaller attack surfaces, CVE transparency (via VEX/KEV), SBOMs, and enterprise support. + +These changes aim to improve the security posture of all Bitnami users by promoting best practices for software supply chain integrity and up-to-date deployments. For more details, visit the [Bitnami Secure Images announcement](https://github.com/bitnami/containers/issues/83267). + ## Introduction This chart provides a common template helpers which can be used to develop new charts using [Helm](https://helm.sh) package manager. -Bitnami charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment and management of Helm Charts in clusters. - ## Prerequisites - Kubernetes 1.23+ @@ -62,7 +71,6 @@ The following table lists the helpers available in the library which are scoped | `common.capabilities.job.apiVersion` | Return the appropriate apiVersion for job. | `.` Chart context | | `common.capabilities.cronjob.apiVersion` | Return the appropriate apiVersion for cronjob. | `.` Chart context | | `common.capabilities.daemonset.apiVersion` | Return the appropriate apiVersion for daemonset. | `.` Chart context | -| `common.capabilities.cronjob.apiVersion` | Return the appropriate apiVersion for cronjob. | `.` Chart context | | `common.capabilities.deployment.apiVersion` | Return the appropriate apiVersion for deployment. | `.` Chart context | | `common.capabilities.statefulset.apiVersion` | Return the appropriate apiVersion for statefulset. | `.` Chart context | | `common.capabilities.ingress.apiVersion` | Return the appropriate apiVersion for ingress. | `.` Chart context | @@ -107,8 +115,6 @@ The following table lists the helpers available in the library which are scoped | Helper identifier | Description | Expected Input | | ----------------------------------------- | ----------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | `common.ingress.backend` | Generate a proper Ingress backend entry depending on the API version | `dict "serviceName" "foo" "servicePort" "bar"`, see the [Ingress deprecation notice](https://kubernetes.io/blog/2019/07/18/api-deprecations-in-1-16/) for the syntax differences | -| `common.ingress.supportsPathType` | Prints "true" if the pathType field is supported | `.` Chart context | -| `common.ingress.supportsIngressClassname` | Prints "true" if the ingressClassname field is supported | `.` Chart context | | `common.ingress.certManagerRequest` | Prints "true" if required cert-manager annotations for TLS signed certificates are set in the Ingress annotations | `dict "annotations" .Values.path.to.the.ingress.annotations` | ### Labels diff --git a/charts/metrics-server/charts/common/templates/_capabilities.tpl b/charts/metrics-server/charts/common/templates/_capabilities.tpl index 6efde9d348..58f58c1c10 100644 --- a/charts/metrics-server/charts/common/templates/_capabilities.tpl +++ b/charts/metrics-server/charts/common/templates/_capabilities.tpl @@ -115,7 +115,7 @@ Return the appropriate apiVersion for Horizontal Pod Autoscaler. Return the appropriate apiVersion for Vertical Pod Autoscaler. */}} {{- define "common.capabilities.vpa.apiVersion" -}} -{{- $kubeVersion := include "common.capabilities.kubeVersion" .context -}} +{{- $kubeVersion := include "common.capabilities.kubeVersion" . -}} {{- if and (not (empty $kubeVersion)) (semverCompare "<1.25-0" $kubeVersion) -}} {{- print "autoscaling/v1beta2" -}} {{- else -}} diff --git a/charts/metrics-server/charts/common/templates/_errors.tpl b/charts/metrics-server/charts/common/templates/_errors.tpl index 95b8b8e292..fb704c990c 100644 --- a/charts/metrics-server/charts/common/templates/_errors.tpl +++ b/charts/metrics-server/charts/common/templates/_errors.tpl @@ -38,6 +38,7 @@ Usage: {{- define "common.errors.insecureImages" -}} {{- $relocatedImages := list -}} {{- $replacedImages := list -}} +{{- $bitnamiLegacyImages := list -}} {{- $retaggedImages := list -}} {{- $globalRegistry := ((.context.Values.global).imageRegistry) -}} {{- $originalImages := .context.Chart.Annotations.images -}} @@ -49,7 +50,10 @@ Usage: {{- if not (contains $registryName $originalImages) -}} {{- $relocatedImages = append $relocatedImages $fullImageName -}} {{- else if not (contains .repository $originalImages) -}} - {{- $replacedImages = append $replacedImages $fullImageName -}} + {{- $replacedImages = append $replacedImages $fullImageName -}} + {{- if contains "docker.io/bitnamilegacy/" $fullImageNameNoTag -}} + {{- $bitnamiLegacyImages = append $bitnamiLegacyImages $fullImageName -}} + {{- end -}} {{- end -}} {{- end -}} {{- if not (contains (printf "%s:%s" .repository .tag) $originalImages) -}} @@ -58,14 +62,17 @@ Usage: {{- end -}} {{- if and (or (gt (len $relocatedImages) 0) (gt (len $replacedImages) 0)) (((.context.Values.global).security).allowInsecureImages) -}} - {{- print "\n\n⚠ SECURITY WARNING: Verifying original container images was skipped. Please note this Helm chart was designed, tested, and validated on multiple platforms using a specific set of Bitnami and Tanzu Application Catalog containers. Substituting other containers is likely to cause degraded security and performance, broken chart features, and missing environment variables.\n" -}} + {{- print "\n\n⚠ SECURITY WARNING: Verifying original container images was skipped. Please note this Helm chart was designed, tested, and validated on multiple platforms using a specific set of Bitnami and Bitnami Secure Images containers. Substituting other containers is likely to cause degraded security and performance, broken chart features, and missing environment variables.\n" -}} {{- else if (or (gt (len $relocatedImages) 0) (gt (len $replacedImages) 0)) -}} {{- $errorString := "Original containers have been substituted for unrecognized ones. Deploying this chart with non-standard containers is likely to cause degraded security and performance, broken chart features, and missing environment variables." -}} {{- $errorString = print $errorString "\n\nUnrecognized images:" -}} {{- range (concat $relocatedImages $replacedImages) -}} {{- $errorString = print $errorString "\n - " . -}} {{- end -}} - {{- if or (contains "docker.io/bitnami/" $originalImages) (contains "docker.io/bitnamiprem/" $originalImages) -}} + {{- if and (eq (len $relocatedImages) 0) (eq (len $replacedImages) (len $bitnamiLegacyImages)) -}} + {{- $errorString = print "\n\n⚠ WARNING: " $errorString -}} + {{- print $errorString -}} + {{- else if or (contains "docker.io/bitnami/" $originalImages) (contains "docker.io/bitnamiprem/" $originalImages) (contains "docker.io/bitnamisecure/" $originalImages) -}} {{- $errorString = print "\n\n⚠ ERROR: " $errorString -}} {{- $errorString = print $errorString "\n\nIf you are sure you want to proceed with non-standard containers, you can skip container image verification by setting the global parameter 'global.security.allowInsecureImages' to true." -}} {{- $errorString = print $errorString "\nFurther information can be obtained at https://github.com/bitnami/charts/issues/30850" -}} @@ -75,7 +82,7 @@ Usage: {{- print $errorString -}} {{- end -}} {{- else if gt (len $retaggedImages) 0 -}} - {{- $warnString := "\n\n⚠ WARNING: Original containers have been retagged. Please note this Helm chart was tested, and validated on multiple platforms using a specific set of Tanzu Application Catalog containers. Substituting original image tags could cause unexpected behavior." -}} + {{- $warnString := "\n\n⚠ WARNING: Original containers have been retagged. Please note this Helm chart was tested, and validated on multiple platforms using a specific set of Bitnami and Bitnami Secure Images containers. Substituting original image tags could cause unexpected behavior." -}} {{- $warnString = print $warnString "\n\nRetagged images:" -}} {{- range $retaggedImages -}} {{- $warnString = print $warnString "\n - " . -}} diff --git a/charts/metrics-server/charts/common/templates/_ingress.tpl b/charts/metrics-server/charts/common/templates/_ingress.tpl index 3973805657..2d0dbf1e60 100644 --- a/charts/metrics-server/charts/common/templates/_ingress.tpl +++ b/charts/metrics-server/charts/common/templates/_ingress.tpl @@ -27,26 +27,6 @@ service: {{- end }} {{- end -}} -{{/* -TODO: Remove as soon it is removed from the rest of the charts -Print "true" if the API pathType field is supported -Usage: -{{ include "common.ingress.supportsPathType" . }} -*/}} -{{- define "common.ingress.supportsPathType" -}} -{{- print "true" -}} -{{- end -}} - -{{/* -TODO: Remove as soon it is removed from the rest of the charts -Returns true if the ingressClassname field is supported -Usage: -{{ include "common.ingress.supportsIngressClassname" . }} -*/}} -{{- define "common.ingress.supportsIngressClassname" -}} -{{- print "true" -}} -{{- end -}} - {{/* Return true if cert-manager required annotations for TLS signed certificates are set in the Ingress annotations diff --git a/charts/metrics-server/charts/common/templates/_names.tpl b/charts/metrics-server/charts/common/templates/_names.tpl index ba83956852..d5d0ae438e 100644 --- a/charts/metrics-server/charts/common/templates/_names.tpl +++ b/charts/metrics-server/charts/common/templates/_names.tpl @@ -28,10 +28,11 @@ If release name contains chart name it will be used as a full name. {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} {{- else -}} {{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- $releaseName := regexReplaceAll "(-?[^a-z\\d\\-])+-?" (lower .Release.Name) "-" -}} +{{- if contains $name $releaseName -}} +{{- $releaseName | trunc 63 | trimSuffix "-" -}} {{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- printf "%s-%s" $releaseName $name | trunc 63 | trimSuffix "-" -}} {{- end -}} {{- end -}} {{- end -}} diff --git a/charts/metrics-server/templates/NOTES.txt b/charts/metrics-server/templates/NOTES.txt index bbd19c59c4..e7680c80b3 100644 --- a/charts/metrics-server/templates/NOTES.txt +++ b/charts/metrics-server/templates/NOTES.txt @@ -2,7 +2,9 @@ CHART NAME: {{ .Chart.Name }} CHART VERSION: {{ .Chart.Version }} APP VERSION: {{ .Chart.AppVersion }} -Did you know there are enterprise versions of the Bitnami catalog? For enhanced secure software supply chain features, unlimited pulls from Docker, LTS support, or application customization, see Bitnami Premium or Tanzu Application Catalog. See https://www.arrow.com/globalecs/na/vendors/bitnami for more information. +⚠ WARNING: Since August 28th, 2025, only a limited subset of images/charts are available for free. + Subscribe to Bitnami Secure Images to receive continued support and security updates. + More info at https://bitnami.com and https://github.com/bitnami/containers/issues/83267 ** Please be patient while the chart is being deployed ** diff --git a/charts/metrics-server/values.yaml b/charts/metrics-server/values.yaml index 4d1d762f49..335c7cdfaa 100644 --- a/charts/metrics-server/values.yaml +++ b/charts/metrics-server/values.yaml @@ -84,7 +84,7 @@ diagnosticMode: image: registry: docker.io repository: bitnami/metrics-server - tag: 0.8.0-debian-12-r1 + tag: 0.8.0-debian-12-r4 digest: "" ## Specify a imagePullPolicy ## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images