Added chart versions:

  cockroach-labs/cockroachdb:
    - 14.0.5
  jfrog/artifactory-ha:
    - 107.90.15
  jfrog/artifactory-jcr:
    - 107.90.15
  kuma/kuma:
    - 2.9.0
  nats/nats:
    - 1.2.6
  speedscale/speedscale-operator:
    - 2.2.567

charts/cockroach-labs/cockroachdb/14.0.5/CONTRIBUTING.md

@@ -0,0 +1,14 @@
+# Contributing
+
+Contributions are welcome!
+
+For every change, please increment the `version` contained in
+[Chart.yaml](https://github.com/cockroachdb/helm-charts/blob/master/cockroachdb/Chart.yaml).
+The `version` roughly follows the [SEMVER](https://semver.org/) versioning 
+pattern. For changes which do not affect backwards compatibility, the PATCH or
+MINOR version must be incremented, e.g. `4.1.3` -> `4.1.4`. For changes which
+affect the backwards compatibility of the chart, the major version must be
+incremented, e.g. `4.1.3` -> `5.0.0`. Examples of changes which affect backwards
+compatibility include any major version releases of CockroachDB, as well as any
+breaking changes to the CockroachDB chart templates.
+

charts/cockroach-labs/cockroachdb/14.0.5/Chart.yaml

@@ -0,0 +1,18 @@
+annotations:
+  catalog.cattle.io/certified: partner
+  catalog.cattle.io/display-name: CockroachDB
+  catalog.cattle.io/kube-version: '>=1.8-0'
+  catalog.cattle.io/release-name: cockroachdb
+apiVersion: v1
+appVersion: 24.2.4
+description: CockroachDB is a scalable, survivable, strongly-consistent SQL database.
+home: https://www.cockroachlabs.com
+icon: file://assets/icons/cockroachdb.png
+kubeVersion: '>=1.8-0'
+maintainers:
+- email: [email protected]
+  name: cockroachlabs
+name: cockroachdb
+sources:
+- https://github.com/cockroachdb/cockroach
+version: 14.0.5

charts/cockroach-labs/cockroachdb/14.0.5/app-readme.md

@@ -0,0 +1,9 @@
+# CockroachDB Chart
+
+CockroachDB is a Distributed SQL database that runs natively in Kubernetes. It gives you resilient, horizontal scale across multiple clouds with always-on availability and data partitioned by location.
+
+CockroachDB scales horizontally without reconfiguration or need for a massive architectural overhaul. Simply add a new node to the cluster and CockroachDB takes care of the underlying complexity.
+
+    - Scale by simply adding new nodes to a CockroachDB cluster
+    - Automate balancing and distribution of ranges, not shards
+    - Optimize server utilization evenly across all nodes

charts/cockroach-labs/cockroachdb/14.0.5/templates/NOTES.txt

@@ -0,0 +1,50 @@
+CockroachDB can be accessed via port {{ .Values.service.ports.grpc.external.port }} at the
+following DNS name from within your cluster:
+
+{{ template "cockroachdb.fullname" . }}-public.{{ .Release.Namespace }}.svc.cluster.local
+
+Because CockroachDB supports the PostgreSQL wire protocol, you can connect to
+the cluster using any available PostgreSQL client.
+
+{{- if not .Values.tls.enabled }}
+
+For example, you can open up a SQL shell to the cluster by running:
+
+    kubectl run -it --rm cockroach-client \
+        --image=cockroachdb/cockroach \
+        --restart=Never \
+      {{- if .Values.networkPolicy.enabled }}
+        --labels="{{ template "cockroachdb.fullname" . }}-client=true" \
+      {{- end }}
+        --command -- \
+        ./cockroach sql --insecure --host={{ template "cockroachdb.fullname" . }}-public.{{ .Release.Namespace }}
+
+From there, you can interact with the SQL shell as you would any other SQL
+shell, confident that any data you write will be safe and available even if
+parts of your cluster fail.
+{{- else }}
+
+Note that because the cluster is running in secure mode, any client application
+that you attempt to connect will either need to have a valid client certificate
+or a valid username and password.
+{{- end }}
+
+{{- if and (.Values.networkPolicy.enabled) (not (empty .Values.networkPolicy.ingress.grpc)) }}
+
+Note: Since NetworkPolicy is enabled, the only Pods allowed to connect to this
+CockroachDB cluster are:
+
+1. Having the label: "{{ template "cockroachdb.fullname" . }}-client=true"
+
+2. Matching the following rules: {{- toYaml .Values.networkPolicy.ingress.grpc | nindent 0 }}
+{{- end }}
+
+Finally, to open up the CockroachDB admin UI, you can port-forward from your
+local machine into one of the instances in the cluster:
+
+    kubectl port-forward -n {{ .Release.Namespace }} {{ template "cockroachdb.fullname" . }}-0 {{ index .Values.conf `http-port` | int64 }} 
+
+Then you can access the admin UI at http{{ if .Values.tls.enabled }}s{{ end }}://localhost:{{ index .Values.conf `http-port` | int64 }}/ in your web browser.
+
+For more information on using CockroachDB, please see the project's docs at:
+https://www.cockroachlabs.com/docs/

charts/cockroach-labs/cockroachdb/14.0.5/templates/_helpers.tpl

@@ -0,0 +1,291 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "cockroachdb.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 56 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "cockroachdb.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+    {{- .Values.fullnameOverride | trunc 56 | trimSuffix "-" -}}
+{{- else -}}
+    {{- $name := default .Chart.Name .Values.nameOverride -}}
+    {{- if contains $name .Release.Name -}}
+        {{- .Release.Name | trunc 56 | trimSuffix "-" -}}
+    {{- else -}}
+        {{- printf "%s-%s" .Release.Name $name | trunc 56 | trimSuffix "-" -}}
+    {{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name for cluster scope resource.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name with release namespace appended at the end.
+*/}}
+{{- define "cockroachdb.clusterfullname" -}}
+{{- if .Values.fullnameOverride -}}
+    {{- printf "%s-%s" .Values.fullnameOverride .Release.Namespace | trunc 56 | trimSuffix "-" -}}
+{{- else -}}
+    {{- $name := default .Chart.Name .Values.nameOverride -}}
+    {{- if contains $name .Release.Name -}}
+        {{- printf "%s-%s" .Release.Name .Release.Namespace | trunc 56 | trimSuffix "-" -}}
+    {{- else -}}
+        {{- printf "%s-%s-%s" .Release.Name $name .Release.Namespace | trunc 56 | trimSuffix "-" -}}
+    {{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "cockroachdb.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 56 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create the name of the ServiceAccount to use.
+*/}}
+{{- define "cockroachdb.serviceAccount.name" -}}
+{{- if .Values.statefulset.serviceAccount.create -}}
+    {{- default (include "cockroachdb.fullname" .) .Values.statefulset.serviceAccount.name -}}
+{{- else -}}
+    {{- default "default" .Values.statefulset.serviceAccount.name -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the appropriate apiVersion for NetworkPolicy.
+*/}}
+{{- define "cockroachdb.networkPolicy.apiVersion" -}}
+{{- if semverCompare ">=1.4-0, <=1.7-0" .Capabilities.KubeVersion.Version -}}
+    {{- print "extensions/v1beta1" -}}
+{{- else if semverCompare "^1.7-0" .Capabilities.KubeVersion.Version -}}
+    {{- print "networking.k8s.io/v1" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the appropriate apiVersion for StatefulSets
+*/}}
+{{- define "cockroachdb.statefulset.apiVersion" -}}
+{{- if semverCompare "<1.12-0" .Capabilities.KubeVersion.Version -}}
+    {{- print "apps/v1beta1" -}}
+{{- else -}}
+    {{- print "apps/v1" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return CockroachDB store expression
+*/}}
+{{- define "cockroachdb.conf.store" -}}
+{{- $isInMemory := eq (.Values.conf.store.type | toString) "mem" -}}
+{{- $persistentSize := empty .Values.conf.store.size | ternary .Values.storage.persistentVolume.size .Values.conf.store.size -}}
+
+{{- $store := dict -}}
+{{- $_ := set $store "type" ($isInMemory | ternary "type=mem" "") -}}
+{{- $_ := set $store "path" ($isInMemory | ternary "" (print "path=" .Values.conf.path)) -}}
+{{- $_ := set $store "size" (print "size=" ($isInMemory | ternary .Values.conf.store.size $persistentSize)) -}}
+{{- $_ := set $store "attrs" (empty .Values.conf.store.attrs | ternary "" (print "attrs=" .Values.conf.store.attrs)) -}}
+
+{{ compact (values $store) | join "," }}
+{{- end -}}
+
+{{/*
+Define the default values for the certificate selfSigner inputs
+*/}}
+{{- define "selfcerts.fullname" -}}
+  {{- printf "%s-%s" (include "cockroachdb.fullname" .) "self-signer" | trunc 56 | trimSuffix "-" -}}
+{{- end -}}
+
+{{- define "rotatecerts.fullname" -}}
+  {{- printf "%s-%s" (include "cockroachdb.fullname" .) "rotate-self-signer" | trunc 56 | trimSuffix "-" -}}
+{{- end -}}
+
+{{- define "selfcerts.minimumCertDuration" -}}
+  {{- if .Values.tls.certs.selfSigner.minimumCertDuration -}}
+    {{- print (.Values.tls.certs.selfSigner.minimumCertDuration | trimSuffix "h") -}}
+  {{- else }}
+    {{- $minCertDuration := min (sub (.Values.tls.certs.selfSigner.clientCertDuration | trimSuffix "h" ) (.Values.tls.certs.selfSigner.clientCertExpiryWindow | trimSuffix "h")) (sub (.Values.tls.certs.selfSigner.nodeCertDuration | trimSuffix "h") (.Values.tls.certs.selfSigner.nodeCertExpiryWindow | trimSuffix "h")) -}}
+    {{- print $minCertDuration -}}
+  {{- end }}
+{{- end -}}
+
+{{/*
+Define the cron schedules for certificate rotate jobs and converting from hours to valid cron string.
+We assume that each month has 31 days, hence the cron job may run few days earlier in a year. In a cron schedule,
+we can not set a cron of more than a year, hence we try to run the cron in such a way that the cron run comes to
+as close possible to the expiry window. However, it is possible that cron may run earlier than the expiry window.
+*/}}
+{{- define "selfcerts.caRotateSchedule" -}}
+{{- $tempHours := sub (.Values.tls.certs.selfSigner.caCertDuration | trimSuffix "h") (.Values.tls.certs.selfSigner.caCertExpiryWindow | trimSuffix "h") -}}
+{{- $days := "*" -}}
+{{- $months := "*" -}}
+{{- $hours := mod $tempHours 24 -}}
+{{- if not (eq $hours $tempHours) -}}
+{{- $tempDays := div $tempHours 24 -}}
+{{- $days = mod $tempDays 31 -}}
+{{- if not (eq $days $tempDays) -}}
+{{- $days = add $days 1 -}}
+{{- $tempMonths := div $tempDays 31 -}}
+{{- $months = mod $tempMonths 12 -}}
+{{- if not (eq $months $tempMonths) -}}
+{{- $months = add $months 1 -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+{{- if ne (toString $months) "*" -}}
+{{- $months = printf "*/%s" (toString $months) -}}
+{{- else -}}
+{{- if ne (toString $days) "*" -}}
+{{- $days = printf "*/%s" (toString $days) -}}
+{{- else -}}
+{{- if ne $hours 0 -}}
+{{- $hours = printf "*/%s" (toString $hours) -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+{{- printf "0 %s %s %s *" (toString $hours) (toString $days) (toString $months) -}}
+{{- end -}}
+
+{{- define "selfcerts.clientRotateSchedule" -}}
+{{- $tempHours := int64 (include "selfcerts.minimumCertDuration" .) -}}
+{{- $days := "*" -}}
+{{- $months := "*" -}}
+{{- $hours := mod $tempHours 24 -}}
+{{- if not (eq $hours $tempHours) -}}
+{{- $tempDays := div $tempHours 24 -}}
+{{- $days = mod $tempDays 31 -}}
+{{- if not (eq $days $tempDays) -}}
+{{- $days = add $days 1 -}}
+{{- $tempMonths := div $tempDays 31 -}}
+{{- $months = mod $tempMonths 12 -}}
+{{- if not (eq $months $tempMonths) -}}
+{{- $months = add $months 1 -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+{{- if ne (toString $months) "*" -}}
+{{- $months = printf "*/%s" (toString $months) -}}
+{{- else -}}
+{{- if ne (toString $days) "*" -}}
+{{- $days = printf "*/%s" (toString $days) -}}
+{{- else -}}
+{{- if ne $hours 0 -}}
+{{- $hours = printf "*/%s" (toString $hours) -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+{{- printf "0 %s %s %s *" (toString $hours) (toString $days) (toString $months) -}}
+{{- end -}}
+
+{{/*
+Define the appropriate validations for the certificate selfSigner inputs
+*/}}
+
+{{/*
+Validate that if caProvided is true, then the caSecret must not be empty and secret must be present in the namespace.
+*/}}
+{{- define "cockroachdb.tls.certs.selfSigner.caProvidedValidation" -}}
+{{- if .Values.tls.certs.selfSigner.caProvided -}}
+{{- if eq "" .Values.tls.certs.selfSigner.caSecret -}}
+    {{ fail "CA secret can't be empty if caProvided is set to true" }}
+{{- else -}}
+    {{- if not (lookup "v1" "Secret" .Release.Namespace .Values.tls.certs.selfSigner.caSecret) }}
+        {{ fail "CA secret is not present in the release namespace" }}
+    {{- end }}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Validate that if caCertDuration or caCertExpiryWindow must not be empty and caCertExpiryWindow must be greater than
+minimumCertDuration.
+*/}}
+{{- define "cockroachdb.tls.certs.selfSigner.caCertValidation" -}}
+{{- if not .Values.tls.certs.selfSigner.caProvided -}}
+{{- if or (not .Values.tls.certs.selfSigner.caCertDuration) (not .Values.tls.certs.selfSigner.caCertExpiryWindow) }}
+  {{ fail "CA cert duration or CA cert expiry window can not be empty" }}
+{{- else }}
+{{- if gt (int64 (include "selfcerts.minimumCertDuration" .)) (int64 (.Values.tls.certs.selfSigner.caCertExpiryWindow | trimSuffix "h")) -}}
+  {{ fail "CA cert expiration window should not be less than minimum Cert duration" }}
+{{- end -}}
+{{- if gt (int64 (include "selfcerts.minimumCertDuration" .)) (sub (.Values.tls.certs.selfSigner.caCertDuration | trimSuffix "h") (.Values.tls.certs.selfSigner.caCertExpiryWindow | trimSuffix "h")) -}}
+  {{ fail "CA cert Duration minus CA cert expiration window should not be less than minimum Cert duration" }}
+{{- end -}}
+{{- end -}}
+{{- end }}
+{{- end -}}
+
+{{/*
+Validate that if clientCertDuration must not be empty and it must be greater than minimumCertDuration.
+*/}}
+{{- define "cockroachdb.tls.certs.selfSigner.clientCertValidation" -}}
+{{- if or (not .Values.tls.certs.selfSigner.clientCertDuration) (not .Values.tls.certs.selfSigner.clientCertExpiryWindow) }}
+  {{ fail "Client cert duration can not be empty" }}
+{{- else }}
+{{- if lt (sub (.Values.tls.certs.selfSigner.clientCertDuration | trimSuffix "h") (.Values.tls.certs.selfSigner.clientCertExpiryWindow | trimSuffix "h")) (int64 (include "selfcerts.minimumCertDuration" .)) }}
+   {{ fail "Client cert duration minus client cert expiry window should not be less than minimum Cert duration" }}
+{{- end }}
+{{- end }}
+{{- end -}}
+
+{{/*
+Validate that nodeCertDuration must not be empty and nodeCertDuration minus nodeCertExpiryWindow must be greater than minimumCertDuration.
+*/}}
+{{- define "cockroachdb.tls.certs.selfSigner.nodeCertValidation" -}}
+{{- if or (not .Values.tls.certs.selfSigner.nodeCertDuration) (not .Values.tls.certs.selfSigner.nodeCertExpiryWindow) }}
+  {{ fail "Node cert duration can not be empty" }}
+{{- else }}
+{{- if lt (sub (.Values.tls.certs.selfSigner.nodeCertDuration | trimSuffix "h") (.Values.tls.certs.selfSigner.nodeCertExpiryWindow | trimSuffix "h")) (int64 (include "selfcerts.minimumCertDuration" .))}}
+   {{ fail "Node cert duration minus node cert expiry window should not be less than minimum Cert duration" }}
+{{- end }}
+{{- end }}
+{{- end -}}
+
+{{/*
+Validate that if user enabled tls, then either self-signed certificates or certificate manager is enabled
+*/}}
+{{- define "cockroachdb.tlsValidation" -}}
+{{- if .Values.tls.enabled -}}
+{{- if and .Values.tls.certs.selfSigner.enabled .Values.tls.certs.certManager -}}
+    {{ fail "Can not enable the self signed certificates and certificate manager at the same time" }}
+{{- end -}}
+{{- if and (not .Values.tls.certs.selfSigner.enabled) (not .Values.tls.certs.certManager) -}}
+    {{- if not .Values.tls.certs.provided -}}
+        {{ fail "You have to enable either self signed certificates or certificate manager, if you have enabled tls" }}
+    {{- end -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+
+{{- define "cockroachdb.tls.certs.selfSigner.validation" -}}
+{{ include "cockroachdb.tls.certs.selfSigner.caProvidedValidation" . }}
+{{ include "cockroachdb.tls.certs.selfSigner.caCertValidation" . }}
+{{ include "cockroachdb.tls.certs.selfSigner.clientCertValidation" . }}
+{{ include "cockroachdb.tls.certs.selfSigner.nodeCertValidation" . }}
+{{- end -}}
+
+{{- define "cockroachdb.securityContext.versionValidation" }}
+{{- /* Allow using `securityContext` for custom images. */}}
+{{- if ne "cockroachdb/cockroach" .Values.image.repository -}}
+    {{ print true }}
+{{- else -}}
+{{- if semverCompare ">=22.1.2" .Values.image.tag -}}
+    {{ print true }}
+{{- else -}}
+{{- if semverCompare ">=21.2.13, <22.1.0" .Values.image.tag -}}
+    {{ print true }}
+{{- else -}}
+    {{ print false }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}