Merge Release/7.12.x into master

Chart.lock

@@ -1,6 +1,6 @@
 dependencies:
 - name: postgresql
   repository: https://charts.bitnami.com/bitnami
-  version: 11.9.8
-digest: sha256:2ade0110105c9a1cb864c813473cdbfddb4eee4c9bbf79dee9a4da90fe82bb44
-generated: "2022-10-08T15:03:27.191417208Z"
+  version: 16.3.2
+digest: sha256:913828a3b53fb4f5a9730250296bc1fd159f5f7cb5dbb972e92d90958ed81ecb
+generated: "2024-12-18T14:48:15.95980588Z"

Chart.yaml

@@ -1,8 +1,8 @@
 apiVersion: v2
 name: concourse
 type: application
-version: 17.2.1
-appVersion: 7.11.0
+version: 18.0.1
+appVersion: 7.12.1
 description: Concourse is a simple and scalable CI system.
 icon: https://avatars1.githubusercontent.com/u/7809479
 keywords:
@@ -15,7 +15,7 @@ sources:
   - https://github.com/concourse/concourse
 dependencies:
   - name: postgresql
-    version: 11.9.8
+    version: 16.3.2
     repository: https://charts.bitnami.com/bitnami
     condition: postgresql.enabled
 maintainers:

README.md

@@ -87,7 +87,7 @@ The following table lists the configurable parameters of the Concourse chart and
 | `imageDigest` | Specific image digest to use in place of a tag. | `nil` |
 | `imagePullPolicy` | Concourse image pull policy | `IfNotPresent` |
 | `imagePullSecrets` | Array of imagePullSecrets in the namespace for pulling images | `[]` |
-| `imageTag` | Concourse image version | `7.11.0` |
+| `imageTag` | Concourse image version | `7.12.1` |
 | `image` | Concourse image | `concourse/concourse` |
 | `nameOverride` | Provide a name in place of `concourse` for `app:` labels | `nil` |
 | `persistence.enabled` | Enable Concourse persistence using Persistent Volume Claims | `true` |
@@ -250,6 +250,7 @@ The following table lists the configurable parameters of the Concourse chart and
 | `web.tlsSecretsPath` | Where in the container the web TLS secrets should be mounted | `/concourse-web-tls` |
 | `web.tolerations` | Tolerations for the web nodes | `[]` |
 | `web.vaultSecretsPath` | Specify the mount directory of the web vault secrets | `/concourse-vault` |
+| `web.vault.tokenPath` | Specify the path to a file containing a vault client authentication token | `nil` |
 | `worker.additionalAffinities` | Additional affinities to apply to worker pods. E.g: node affinity | `{}` |
 | `worker.additionalVolumeMounts` | VolumeMounts to be added to the worker pods | `nil` |
 | `worker.additionalPorts` | Additional ports to be added to worker pods | `[]` |

templates/_helpers.tpl

@@ -296,6 +296,18 @@ Return concourse environment variables for worker configuration
 - name: CONCOURSE_CONTAINERD_NETWORK_POOL
   value: {{ .Values.concourse.worker.containerd.networkPool | quote }}
 {{- end }}
+{{- if .Values.concourse.worker.containerd.ipv6.enabled }}
+- name: CONCOURSE_CONTAINERD_V6_ENABLE
+  value: {{ .Values.concourse.worker.containerd.ipv6.enabled | quote }}
+{{- end }}
+{{- if .Values.concourse.worker.containerd.ipv6.pool }}
+- name: CONCOURSE_CONTAINERD_V6_POOL
+  value: {{ .Values.concourse.worker.containerd.ipv6.pool | quote }}
+{{- end }}
+{{- if .Values.concourse.worker.containerd.ipv6.disableMasquerade }}
+- name: CONCOURSE_CONTAINERD_V6_DISABLE_MASQUERADE
+  value: {{ .Values.concourse.worker.containerd.ipv6.disableMasquerade | quote }}
+{{- end }}
 {{- if .Values.concourse.worker.containerd.requestTimeout }}
 - name: CONCOURSE_CONTAINERD_REQUEST_TIMEOUT
   value: {{ .Values.concourse.worker.containerd.requestTimeout | quote }}
@@ -485,5 +497,9 @@ Return concourse environment variables for postgresql configuration
 - name: CONCOURSE_POSTGRES_DATABASE
   value: {{ .Values.concourse.web.postgres.database | quote }}
 {{- end }}
+{{- if .Values.concourse.web.postgres.binaryParameter }}
+- name: CONCOURSE_POSTGRES_BINARY_PARAMETERS
+  value: {{ .Values.concourse.web.postgres.binaryParameter | quote }}
+{{- end }}
 {{- end -}}
 {{- end -}}

templates/web-deployment.yaml

@@ -65,7 +65,7 @@ spec:
           {{- if .Values.web.securityContext }}
           securityContext:
           {{- toYaml .Values.web.securityContext | nindent 12 }}
-          {{- end }}          
+          {{- end }}
           env:
 {{- include "concourse.postgresql.env" . | indent 12 }}
           volumeMounts:
@@ -395,6 +395,10 @@ spec:
             - name: CONCOURSE_RESOURCE_CHECKING_INTERVAL
               value: {{ .Values.concourse.web.resourceCheckingInterval | quote }}
             {{- end }}
+            {{- if .Values.concourse.web.resourceTypeCheckingInterval }}
+            - name: CONCOURSE_RESOURCE_TYPE_CHECKING_INTERVAL
+              value: {{ .Values.concourse.web.resourceTypeCheckingInterval | quote }}
+            {{- end }}
             {{- if .Values.concourse.web.resourceWithWebhookCheckingInterval }}
             - name: CONCOURSE_RESOURCE_WITH_WEBHOOK_CHECKING_INTERVAL
               value: {{ .Values.concourse.web.resourceWithWebhookCheckingInterval | quote }}
@@ -577,6 +581,10 @@ spec:
             - name: CONCOURSE_AWS_SSM_TEAM_SECRET_TEMPLATE
               value: {{ .Values.concourse.web.awsSsm.teamSecretTemplate | quote }}
             {{- end }}
+            {{- if.Values.concourse.web.awsSsm.sharedPath }}
+            - name: CONCOURSE_AWS_SSM_SHARED_PATH
+              value: {{ .Values.concourse.web.awsSsm.sharedPath | quote }}
+            {{- end }}
             {{- end }}
             {{- if .Values.concourse.web.vault.enabled }}
             - name: CONCOURSE_VAULT_URL
@@ -603,13 +611,17 @@ spec:
             - name: CONCOURSE_VAULT_CA_CERT
               value: "{{ .Values.web.vaultSecretsPath }}/ca.cert"
             {{- end }}
-            {{- if eq .Values.concourse.web.vault.authBackend "token" }}
+            {{- if and (eq .Values.concourse.web.vault.authBackend "token") (not .Values.concourse.web.vault.tokenPath) }}
             - name: CONCOURSE_VAULT_CLIENT_TOKEN
               valueFrom:
                 secretKeyRef:
                   name: {{ template "concourse.web.fullname" . }}
                   key: vault-client-token
             {{- end }}
+            {{- if .Values.concourse.web.vault.tokenPath }}
+            - name: CONCOURSE_VAULT_CLIENT_TOKEN_PATH
+              value: "{{ .Values.concourse.web.vault.tokenPath | quote }}"
+            {{- end }}
             {{- if eq .Values.concourse.web.vault.authBackend "cert" }}
             - name: CONCOURSE_VAULT_CLIENT_CERT
               value: "{{ .Values.web.vaultSecretsPath }}/client.cert"

values.yaml

@@ -21,7 +21,7 @@ image: concourse/concourse
 ##      of `concourse/concourse`.
 ## Ref: https://hub.docker.com/r/concourse/concourse/tags/
 ##
-imageTag: "7.11.0"
+imageTag: "7.12.1"
 
 ## Specific image digest to use in place of a tag.
 ## Ref: https://kubernetes.io/docs/concepts/configuration/overview/#container-images
@@ -305,6 +305,10 @@ concourse:
     ##
     resourceCheckingInterval: 1m
 
+    ## Interval on which to check for new versions of resource types.
+    ##
+    resourceCheckingInterval: 1m
+
     ## Interval on which to check for new versions of any resources that have
     ## configured a webhook token
     ##
@@ -495,6 +499,11 @@ concourse:
       ##
       database: atc
 
+      ## Whether to use the binary_parameter option from the lib/pq driver that
+      ## Concourse uses to connect to PostgreSQL
+      ##
+      binaryParameter: false
+
 
     kubernetes:
       ## Enable the use of Kubernetes Secrets as the credential provider for
@@ -583,6 +592,9 @@ concourse:
       ##
       teamSecretTemplate: /concourse/{{.Team}}/{{.Secret}}
 
+      ## Path under which to lookup shared credentials.
+      ##
+      sharedPath:
 
     ## Configuration for using Vault as a credential manager.
     ## Ref: https://concourse-ci.org/creds.html#vault
@@ -628,6 +640,13 @@ concourse:
       ##
       authBackend: ""
 
+      ## Path to file containing a Vault authentication token. This is particularly useful in
+      ## combination with the Vault Agent sidecar.
+      ##
+      ## Example: /vault/secrets/token
+      ##
+      tokenPath: ""
+
       ## if the Vault authentication backend requires params from secrets, set this to true,
       ## and provide a value in secrets (field `vault-client-auth-param`).
       ##
@@ -1705,7 +1724,7 @@ concourse:
 
     ## Runtime to use with the worker. Possible values: guardian, containerd, houdini.
     ## Please note that Houdini is insecure and doesn't run 'tasks' in containers.
-    runtime:
+    runtime: containerd
 
     tsa:
 
@@ -1799,10 +1818,23 @@ concourse:
       ## Maximum container capacity. 0 means no limit. Defaults to 250.
       maxContainers:
 
-      ## Network range to use for dynamically allocated container subnets, defaults to "10.80.0.0/16"
-      ##
+      ## Network range to use for dynamically allocated container subnets
+      ## defaults to "10.80.0.0/16"
       networkPool:
 
+      ## Enable and configure IPv6 for containers on the worker
+      ipv6:
+
+        ## Enables IPv6 networking in the Containerd CNI
+        enabled: false
+
+        ## Network range to use for dynamically allocated container
+        ## subnets, defaults to "fd9c:31a6:c759::/64"
+        pool:
+
+        ## Disables masquerading of container traffic with the workers address
+        disableMasquerade:
+
       ## Time to wait for requests to Containerd to complete. 0 means no timeout.
       requestTimeout: