bitnami
diff --git a/‎SECURITY.md
+11-18 b/‎SECURITY.md
+11-18
diff --git a/‎bitnami/airflow/.helmignore
+2 b/‎bitnami/airflow/.helmignore
+2
diff --git a/‎bitnami/airflow/README.md
+157-3 b/‎bitnami/airflow/README.md
+157-3
diff --git a/‎bitnami/airflow/files/dags/README.md
+2 b/‎bitnami/airflow/files/dags/README.md
+2
diff --git a/‎bitnami/apache/.helmignore
+2 b/‎bitnami/apache/.helmignore
+2
@@ -2,47 +2,42 @@
 
 The community has adopted this security disclosure and response policy to ensure we responsibly handle critical issues.
 
-
 ## Supported Versions
 
 For a list of support versions that this project will potentially create security fixes for, please refer to the Releases page on this project's GitHub and/or project related documentation on release cadence and support.
 
-
 ## Reporting a Vulnerability - Private Disclosure Process
 
 Security is of the highest importance and all security vulnerabilities or suspected security vulnerabilities should be reported to this project privately, to minimize attacks against current users  before they are fixed. Vulnerabilities will be investigated and patched on the next patch (or minor) release as soon as possible. This information could be kept entirely internal to the project.
 
 If you know of a publicly disclosed security vulnerability for this project, please **IMMEDIATELY** contact the maintainers of this project privately. The use of encrypted email is encouraged.
 
+**IMPORTANT**: Do not file public issues on GitHub for security vulnerabilities
 
-**IMPORTANT: Do not file public issues on GitHub for security vulnerabilities**
+To report a vulnerability or a security-related issue, please contact the maintainers with enough details through one of the following channels:
 
-To report a vulnerability or a security-related issue, please contact the maintainers with enough details through one of the following channels: 
 * Directly via their individual email addresses
 * Open a [GitHub Security Advisory](https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing/privately-reporting-a-security-vulnerability). This allows for anyone to report security vulnerabilities directly and privately to the maintainers via GitHub. Note that this option may not be present for every repository.
 
-The report will be fielded by the maintainers who have committer and release permissions. Feedback will be sent within 3 business days, including a detailed plan to investigate the issue and any potential workarounds to perform in the meantime. 
+The report will be fielded by the maintainers who have committer and release permissions. Feedback will be sent within 3 business days, including a detailed plan to investigate the issue and any potential workarounds to perform in the meantime.
 
 Do not report non-security-impacting bugs through this channel. Use GitHub issues for all non-security-impacting bugs.
 
-
 ## Proposed Report Content
 
 Provide a descriptive title and in the description of the report include the following information:
 
-*   Basic identity information, such as your name and your affiliation or company.
-*   Detailed steps to reproduce the vulnerability  (POC scripts, screenshots, and logs are all helpful to us).
-*   Description of the effects of the vulnerability on this project and the related hardware and software configurations, so that the maintainers can reproduce it.
-*   How the vulnerability affects this project's usage and an estimation of the attack surface, if there is one.
-*   List other projects or dependencies that were used in conjunction with this project to produce the vulnerability.
-
+* Basic identity information, such as your name and your affiliation or company.
+* Detailed steps to reproduce the vulnerability  (POC scripts, screenshots, and logs are all helpful to us).
+* Description of the effects of the vulnerability on this project and the related hardware and software configurations, so that the maintainers can reproduce it.
+* How the vulnerability affects this project's usage and an estimation of the attack surface, if there is one.
+* List other projects or dependencies that were used in conjunction with this project to produce the vulnerability.
 
 ## When to report a vulnerability
 
-*   When you think this project has a potential security vulnerability.
-*   When you suspect a potential vulnerability but you are unsure that it impacts this project.
-*   When you know of or suspect a potential vulnerability on another project that is used by this project.
-
+* When you think this project has a potential security vulnerability.
+* When you suspect a potential vulnerability but you are unsure that it impacts this project.
+* When you know of or suspect a potential vulnerability on another project that is used by this project.
 
 ## Patch, Release, and Disclosure
 
@@ -56,14 +51,12 @@ The maintainers will respond to vulnerability reports as follows:
 6. The maintainers will work on fixing the vulnerability and perform internal testing before preparing to roll out the fix.
 7. Once the fix is confirmed, the maintainers will patch the vulnerability in the next patch or minor release, and backport a patch release into all earlier supported releases.
 
-
 ## Public Disclosure Process
 
 The maintainers publish the public advisory to this project's community via GitHub. In most cases, additional communication via Slack, Twitter, mailing lists, blog, and other channels will assist in educating the project's users and rolling out the patched release to affected users.
 
 The maintainers will also publish any mitigating steps users can take until the fix can be applied to their instances. This project's distributors will handle creating and publishing their own security advisories.
 
-
 ## Confidentiality, integrity and availability
 
 We consider vulnerabilities leading to the compromise of data confidentiality, elevation of privilege, or integrity to be our highest priority concerns. Availability, in particular in areas relating to DoS and resource exhaustion, is also a serious security concern. The maintainer team takes all vulnerabilities, potential vulnerabilities, and suspected vulnerabilities seriously and will investigate them in an urgent and expeditious manner.
 
@@ -19,3 +19,5 @@
 .project
 .idea/
 *.tmproj
+# img folder
+img/
@@ -743,9 +743,163 @@ NOTE: Due to an error in our release process, Redis&reg;' chart versions higher
 
 This major updates the PostgreSQL subchart to its newest major, 12.0.0. [Here](https://github.com/bitnami/charts/tree/master/bitnami/postgresql#to-1200) you can find more information about the changes introduced in that version.
 
-### To any previous version
+### To 13.0.0
 
-Refer to the [chart documentation for more information about how to upgrade from previous releases](https://docs.bitnami.com/kubernetes/infrastructure/apache-airflow/administration/upgrade/).
+This major update the Redis&reg; subchart to its newest major, 17.0.0, which updates Redis&reg; from its version 6.2 to the latest 7.0.
+
+### To 12.0.0
+
+This major release renames several values in this chart and adds missing features, in order to be inline with the rest of assets in the Bitnami charts repository. Additionally updates the PostgreSQL & Redis subcharts to their newest major 11.x.x and 16.x.x, respectively, which contain similar changes.
+
+- *auth.forcePassword* parameter is deprecated. The new version uses Helm's lookup functionalities and forcing passwords isn't required anymore.
+- *config* and *configurationConfigMap* have been renamed to *configuration* and *existingConfigmap*, respectively.
+- *dags.configMap* and *web.configMap* have been renamed to *dags.existingConfigmap* and *web.existingConfigmap*, respectively.
+- *web.containerPort* and *worker.port* have been regrouped under the *web.containerPorts* and *worker.containerPorts* maps, respectively.
+- *web.podDisruptionBudget*, *scheduler.podDisruptionBudget* and *worker.podDisruptionBudget* maps have been renamed to *web.pdb*, *scheduler.pdb* and *worker.pdb*, respectively.
+- *worker.autoscaling.replicas.min*, *worker.autoscaling.replicas.max*, *worker.autoscaling.targets.cpu* and *worker.autoscaling.targets.memory* have been renamed to *worker.autoscaling.minReplicas*, *worker.autoscaling.maxReplicas*, *worker.autoscaling.targetCPU* and *.Values.worker.autoscaling.targetMemory*, respectively.
+- *service.port* and *service.httpsPort* have been regrouped under the *service.ports* map.
+- *ingress* map is completely redefined.
+- *metrics.service.port* has been regrouped under the *metrics.service.ports* map.
+- Support for Network Policies is dropped and it'll be properly added in the future.
+- The secret keys *airflow-fernetKey* and *airflow-secretKey* were renamed to *airflow-fernet-key* and *airflow-secret-key*, respectively.
+
+#### How to upgrade to version 12.0.0
+
+To upgrade to *12.0.0* from *11.x*, it should be done reusing the PVC(s) used to hold the data on your previous release. To do so, follow the instructions below (the following example assumes that the release name is *airflow* and the release namespace *default*):
+
+> NOTE: Please, create a backup of your database before running any of those actions.
+
+1. Obtain the credentials and the names of the PVCs used to hold the data on your current release:
+
+```console
+        export AIRFLOW_PASSWORD=$(kubectl get secret --namespace default airflow -o jsonpath="{.data.airflow-password}" | base64 --decode)
+        export AIRFLOW_FERNET_KEY=$(kubectl get secret --namespace default airflow -o jsonpath="{.data.airflow-fernetKey}" | base64 --decode)
+        export AIRFLOW_SECRET_KEY=$(kubectl get secret --namespace default airflow -o jsonpath="{.data.airflow-secretKey}" | base64 --decode)
+        export POSTGRESQL_PASSWORD=$(kubectl get secret --namespace default airflow-postgresql -o jsonpath="{.data.postgresql-password}" | base64 --decode)
+        export REDIS_PASSWORD=$(kubectl get secret --namespace default airflow-redis -o jsonpath="{.data.redis-password}" | base64 --decode)
+        export POSTGRESQL_PVC=$(kubectl get pvc -l app.kubernetes.io/instance=airflow,app.kubernetes.io/name=postgresql,role=primary -o jsonpath="{.items[0].metadata.name}")
+```
+
+1. Delete the Airflow worker & PostgreSQL statefulset (notice the option *--cascade=false*) and secrets:
+
+```console
+        kubectl delete statefulsets.apps --cascade=false airflow-postgresql
+        kubectl delete statefulsets.apps --cascade=false airflow-worker
+        kubectl delete secret postgresql --namespace default
+        kubectl delete secret airflow --namespace default
+```
+
+1. Upgrade your release using the same PostgreSQL version:
+
+```console
+        CURRENT_PG_VERSION=$(kubectl exec airflow-postgresql-0 -- bash -c 'echo $BITNAMI_IMAGE_VERSION')
+        helm upgrade airflow bitnami/airflow \
+          --set loadExamples=true \
+          --set web.baseUrl=http://127.0.0.1:8080 \
+          --set auth.password=$AIRFLOW_PASSWORD \
+          --set auth.fernetKey=$AIRFLOW_FERNET_KEY \
+          --set auth.secretKey=$AIRFLOW_SECRET_KEY \
+          --set postgresql.image.tag=$CURRENT_VERSION \
+          --set postgresql.auth.password=$POSTGRESQL_PASSWORD \
+          --set postgresql.persistence.existingClaim=$POSTGRESQL_PVC \
+          --set redis.password=$REDIS_PASSWORD \
+          --set redis.cluster.enabled=true
+```
+
+1. Delete the existing Airflow worker & PostgreSQL pods and the new statefulset will create a new one:
+
+```console
+        kubectl delete pod airflow-postgresql-0
+        kubectl delete pod airflow-worker-0
+```
+
+### To 11.0.0
+
+This major update the Redis&reg; subchart to its newest major, 15.0.0. [Here](https://github.com/bitnami/charts/tree/main/bitnami/redis#to-1500) you can find more info about the specific changes.
+
+### To 10.0.0
+
+This major updates the Redis&reg; subchart to it newest major, 14.0.0, which contains breaking changes. For more information on this subchart's major and the steps needed to migrate your data from your previous release, please refer to [Redis&reg; upgrade notes.](https://github.com/bitnami/charts/tree/main/bitnami/redis#to-1400).
+
+### To 7.0.0
+
+[On November 13, 2020, Helm v2 support was formally finished](https://github.com/helm/charts#status-of-the-project), this major version is the result of the required changes applied to the Helm Chart to be able to incorporate the different features added in Helm v3 and to be consistent with the Helm project itself regarding the Helm v2 EOL. The following changes were introduced in this version:
+
+- Previous versions of this Helm Chart use `apiVersion: v1` (installable by both Helm 2 and 3), this Helm Chart was updated to `apiVersion: v2` (installable by Helm 3 only). [Here](https://helm.sh/docs/topics/charts/#the-apiversion-field) you can find more information about the `apiVersion` field.
+- Move dependency information from the *requirements.yaml* to the *Chart.yaml*
+- After running *helm dependency update*, a *Chart.lock* file is generated containing the same structure used in the previous *requirements.lock*
+- The different fields present in the *Chart.yaml* file has been ordered alphabetically in a homogeneous way for all the Bitnami Helm Chart.
+- Several parameters were renamed or disappeared in favor of new ones on this major version:
+  - The image objects have been moved to its corresponding component object, e.g: *workerImage* now is located at *worker.image*.
+  - The prefix *airflow* has been removed. Therefore, parameters prefixed with *airflow* are now at root level, e.g. *airflow.loadExamples* now is *loadExamples* or *airflow.worker.resources* now is *worker.resources*.
+  - Parameters related to the *git* features has completely been refactored:
+    - They have been regrouped under the *git* map.
+    - *airflow.cloneDagsFromGit* no longer exists, instead you must use *git.dags* and *git.dags.repositories* has been introduced that will add support for multiple repositories.
+    - *airflow.clonePluginsFromGit* no longer exists, instead you must use *git.plugins*. *airflow.clonePluginsFromGit.repository*, *airflow.clonePluginsFromGit.branch* and *airflow.clonePluginsFromGit.path* have been removed in favour of *git.dags.repositories*.
+  - Liveness and readiness probe have been separated by components *airflow.livenessProbe.** and *airflow.readinessProbe* have been removed in favour of *web.livenessProbe*, *worker.livenessProbe*, *web.readinessProbe* and *worker.readinessProbe*.
+  - *airflow.baseUrl* has been moved to *web.baseUrl*.
+  - Security context has been migrated to the bitnami standard way so that *securityContext* has been divided into *podSecurityContext* that will define the **fsGroup** for all the containers in the pod and *containerSecurityContext* that will define the user id that will run the main containers.
+  - *./files/dags/*.py* will not be include in the deployment any more.
+- Additionally updates the PostgreSQL & Redis subcharts to their newest major 10.x.x and 11.x.x, respectively, which contain similar changes.
+
+#### Considerations when upgrading to this version
+
+- If you want to upgrade to this version using Helm v2, this scenario is not supported as this version does not support Helm v2 anymore.
+- If you installed the previous version with Helm v2 and wants to upgrade to this version with Helm v3, please refer to the [official Helm documentation](https://helm.sh/docs/topics/v2_v3_migration/#migration-use-cases) about migrating from Helm v2 to v3.
+
+#### Useful links
+
+- [Bitnami Tutorial](https://docs.bitnami.com/tutorials/resolve-helm2-helm3-post-migration-issues)
+- [Helm docs](https://helm.sh/docs/topics/v2_v3_migration)
+- [Helm Blog](https://helm.sh/blog/migrate-from-helm-v2-to-helm-v3)
+
+#### How to upgrade to version 7.0.0
+
+To upgrade to *7.0.0* from *6.x*, it should be done reusing the PVC(s) used to hold the data on your previous release. To do so, follow the instructions below (the following example assumes that the release name is *airflow* and the release namespace *default*):
+
+> NOTE: Please, create a backup of your database before running any of those actions.
+
+1. Obtain the credentials and the names of the PVCs used to hold the data on your current release:
+
+```console
+        export AIRFLOW_PASSWORD=$(kubectl get secret --namespace default airflow -o jsonpath="{.data.airflow-password}" | base64 --decode)
+        export AIRFLOW_FERNET_KEY=$(kubectl get secret --namespace default airflow -o jsonpath="{.data.airflow-fernetKey}" | base64 --decode)
+        export AIRFLOW_SECRET_KEY=$(kubectl get secret --namespace default airflow -o jsonpath="{.data.airflow-secretKey}" | base64 --decode)
+        export POSTGRESQL_PASSWORD=$(kubectl get secret --namespace default airflow-postgresql -o jsonpath="{.data.postgresql-password}" | base64 --decode)
+        export REDIS_PASSWORD=$(kubectl get secret --namespace default airflow-redis -o jsonpath="{.data.redis-password}" | base64 --decode)
+        export POSTGRESQL_PVC=$(kubectl get pvc -l app.kubernetes.io/instance=airflow,app.kubernetes.io/name=postgresql,role=primary -o jsonpath="{.items[0].metadata.name}")
+```
+
+1. Delete the Airflow worker & PostgreSQL statefulset (notice the option *--cascade=false*):
+
+```console
+        kubectl delete statefulsets.apps --cascade=false airflow-postgresql
+        kubectl delete statefulsets.apps --cascade=false airflow-worker
+```
+
+1. Upgrade your release:
+
+> NOTE: Please remember to migrate all the values to its new path following the above notes, e.g: `airflow.loadExamples` -> `loadExamples` or `airflow.baseUrl=http://127.0.0.1:8080` -> `web.baseUrl=http://127.0.0.1:8080`.
+
+```console
+        helm upgrade airflow bitnami/airflow \
+          --set loadExamples=true \
+          --set web.baseUrl=http://127.0.0.1:8080 \
+          --set auth.password=$AIRFLOW_PASSWORD \
+          --set auth.fernetKey=$AIRFLOW_FERNET_KEY \
+          --set auth.secretKey=$AIRFLOW_SECRET_KEY \
+          --set postgresql.postgresqlPassword=$POSTGRESQL_PASSWORD \
+          --set postgresql.persistence.existingClaim=$POSTGRESQL_PVC \
+          --set redis.password=$REDIS_PASSWORD \
+          --set redis.cluster.enabled=true
+```
+
+1. Delete the existing Airflow worker & PostgreSQL pods and the new statefulset will create a new one:
+
+```console
+        kubectl delete pod airflow-postgresql-0
+        kubectl delete pod airflow-worker-0
+```
 
 ## License
 
@@ -761,4 +915,4 @@ Unless required by applicable law or agreed to in writing, software
 distributed under the License is distributed on an "AS IS" BASIS,
 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
-limitations under the License.
+limitations under the License.
@@ -1 +1,3 @@
+# How to use this folder
+
 You can copy here your DAGs files so they are mounted at "/opt/bitnami/airflow/dags" inside the docker image.
@@ -19,3 +19,5 @@
 .project
 .idea/
 *.tmproj
+# img folder
+img/
Original file line number	Diff line number	Diff line change
`@@ -1 +1,3 @@`
	`1`	`+# How to use this folder`
	`2`	`+`
`1`	`3`	`You can copy here your DAGs files so they are mounted at "/opt/bitnami/airflow/dags" inside the docker image.`