Resolves: #34771
This moves away from relying on discontinued bitnami charts and instead
adds a small mysql chart, a valkey/redis chart and a brief guide update
on how to migrate from one to the other.
## Summary by CodeRabbit
* **New Features**
  * Helm chart bumped to v7.0.0.
  * Replaced Redis with Valkey as the caching backend and added Valkey
    configuration options.
  * Added an optional embedded MySQL chart with configurable auth,
    persistence, service, and credentials handling.
* **Chores**
  * CI now adds the Valkey Helm repository and builds chart dependencies
    before templating.
  * .gitignore adjusted to only ignore packaged chart archives (*.tgz).
---------
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: georgekarrv <1501415+georgekarrv@users.noreply.github.com>
## Summary by CodeRabbit
* **Chores**
  * Version bumped to v4.84.2 across Helm charts, container images,
    deployment infrastructure, and npm package.
---------
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
## Summary by CodeRabbit
* **Chores**
  * Updated Fleet version from v4.84.0 to v4.84.1 across deployment
    configurations (Helm values, container images, Terraform for AWS/GCP,
    and npm package) and bumped Helm chart package version v6.9.1 → v6.9.2.
* **Documentation**
  * Updated CLI help/example text to reference the v4.84.1 milestone.
**Related issue:** Resolves #43330
- Update tmp volume mounts to be unconditional
- Fixes an issue where `fleet.tls.enabled = false`, `database.tls.enabled
= false`, `osquery.logging.statusPlugin != "filesystem"`,
`osquery.logging.resultPlugin != "filesystem"`, and
`fleet.additionalCAs.enabled = false`, all at once, would lead to
exclusion of the `tmp` volume mount and affect software installer
uploads.
- Bump helm chart version from `6.8.10` -> `6.9.0`
## Summary by CodeRabbit
* **Release**
  * Updated Helm chart version to v6.9.0
* **Improvements**
  * Enhanced deployment configuration to properly support additional
    Certificate Authority (CA) handling alongside existing security
    configurations.
## Issue
Closes #43330
## Description
This PR allows self-hosted, Kubernetes-based Fleet users to configure
`securityContext.readOnlyRootFilesystem` in `values.yaml`, which is then
propagated down to the `deployment.yaml` template.
This change provides a convenient mechanism for users to fix a known
issue while preserving the current default behavior.
## Testing
The underlying `deployment.yaml` change has been tested in a standard
Google Kubernetes Engine cluster, and is confirmed to fix the linked
issue when using either Ubuntu-based or Container-Optimized OS
(COS)-based `containerd` container runtimes in GKE.
## Summary by CodeRabbit
## Release Notes
* **Chores**
  * Enhanced fleet container security by making the read-only root
    filesystem setting configurable. Deployments can now customize this
    security parameter to meet specific requirements, while secure defaults
    are automatically applied for standard installations that don't require
    custom configuration.
## Summary by CodeRabbit
* **Chores**
  * Released patch version v4.83.2 with updated Helm chart and application
    metadata.
  * Updated deployment configurations to use the latest container image
    version across cloud providers.
  * Updated published package version to v4.83.2.
---------
Co-authored-by: Luke Heath <luke@fleetdm.com>
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
## Summary by CodeRabbit
* **Chores**
  * Released patch v4.83.1: updated chart and app metadata, container
    image tags, Terraform deployment defaults, and npm package version to
    v4.83.1.
* **Documentation**
  * Updated CLI help/example to reference the v4.83.1 milestone.
---------
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
- Increments Helm chart to `6.8.0`
- Adds Fleet Helm chart support for adding additional CA certificates to
the Fleet container's trust store
- Allows adding additional CA certificates stored in Kubernetes secrets
and Kubernetes config maps to:
  - Fleet pods
  - Fleet vulnerability processing pods
- Bump helm chart version to v6.7.4
- Add `metadata.namespace` to the ingress template to ensure that
ingress is deployed in the same namespace as all other resources
- Add `spec.revisionHistoryLimit` to the deployment template
(`.Values.revisionHistoryLimit`)
Signed-off-by: t0x01 <T0x01@protonmail.ch>
- Bumps helm chart version to v6.7.0
- Adds s3 softwareinstallers region
(`.Values.fleet.softwareinstallers.s3.region`)
- Adds s3 carving region (`.Values.fleet.carving.s3.region`)
- Added support for configuring read only replicas via values.yaml
- Added support for read only replica environment variables in
deployment.yaml and cron-vulnprocessing.yaml
Closes #29710
- Added label `component: fleet-server` to deployment.yaml under labels
and matchLabels
- Added label `component: fleet-server` to service.yaml under selector