From 1ad22e308d31b8bcaf5438c9f9f66c7b1cd6d4f6 Mon Sep 17 00:00:00 2001 From: zhan7236 <76658920+zhan7236@users.noreply.github.com> Date: Wed, 26 Nov 2025 01:45:36 +0000 Subject: [PATCH 1/6] [Improvement-17560][Helm] Migrate Helm chart dependencies to current Bitnami repository - Update PostgreSQL chart from 10.3.18 to 12.1.5 (recommended by Copilot AI review) - Update Zookeeper chart from 11.4.11 to 13.8.7 (latest stable in 13.8.x series) - Update MySQL chart from 9.4.1 to 9.23.0 (backward compatible) - Update MinIO chart from 11.10.13 to 12.13.2 (backward compatible) - Migrate all dependencies from archive-full-index to current Bitnami repository - Remove outdated comments about Bitnami repository changes This conservative update approach: - Uses PostgreSQL 12.1.5 as suggested to avoid breaking configuration schema changes - Maintains backward compatibility with existing values.yaml and templates - Migrates from legacy Bitnami registry to current repository - All dependencies verified to download successfully from new repository Addresses Copilot AI review feedback about breaking changes in newer chart versions. Closes #17561 Closes #17562 Closes #17563 Part of #17560 --- deploy/kubernetes/dolphinscheduler/Chart.yaml | 22 +++++++------------ 1 file changed, 8 insertions(+), 14 deletions(-) diff --git a/deploy/kubernetes/dolphinscheduler/Chart.yaml b/deploy/kubernetes/dolphinscheduler/Chart.yaml index 6ae98192ac33..c9029dc83be9 100644 --- a/deploy/kubernetes/dolphinscheduler/Chart.yaml +++ b/deploy/kubernetes/dolphinscheduler/Chart.yaml 
@@ -43,24 +43,18 @@ appVersion: 3.1.0 dependencies: - name: postgresql - version: 10.3.18 - # Due to a change in the Bitnami repo, https://charts.bitnami.com/bitnami was truncated only - # containing entries for the latest 6 months (from January 2022 on). - # This URL: https://raw.githubusercontent.com/bitnami/charts/archive-full-index/bitnami - # contains the full 'index.yaml'. - # See detail here: https://github.com/bitnami/charts/issues/10833 - repository: https://raw.githubusercontent.com/bitnami/charts/archive-full-index/bitnami + version: 12.1.5 + repository: https://charts.bitnami.com/bitnami condition: postgresql.enabled - name: zookeeper - version: 11.4.11 - # Same as above. - repository: https://raw.githubusercontent.com/bitnami/charts/archive-full-index/bitnami + version: 13.8.7 + repository: https://charts.bitnami.com/bitnami condition: zookeeper.enabled - name: mysql - version: 9.4.1 - repository: https://raw.githubusercontent.com/bitnami/charts/archive-full-index/bitnami + version: 9.23.0 + repository: https://charts.bitnami.com/bitnami condition: mysql.enabled - name: minio - version: 11.10.13 - repository: https://raw.githubusercontent.com/bitnami/charts/archive-full-index/bitnami + version: 12.13.2 + repository: https://charts.bitnami.com/bitnami condition: minio.enabled From 65dffd3f465c897e1d857952740beb85a3e9766c Mon Sep 17 00:00:00 2001 
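Review bot: All four `repository:` lines now point at `https://charts.bitnami.com/bitnami`, and the hunk deletes the only comment recording why the archive index was used, namely that this URL's index had been truncated to recent releases. If that retention still applies, exact pins such as `version: 12.1.5` can drop out of the index later and dependency resolution then fails for anyone rebuilding the chart. I would keep a short comment on the first entry, for example `# Pinned versions must still be listed in this index; mirror the chart archives if the upstream index is pruned.` Committing the lock file that `helm dependency update` generates would also keep the resolved versions reviewable.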
From: zhan7236 <76658920+zhan7236@users.noreply.github.com> Date: Wed, 26 Nov 2025 12:20:41 +0000 Subject: [PATCH 2/6] [Improvement-17560][Helm] Update Bitnami charts and migrate from legacy images - Update PostgreSQL chart from 10.3.18 to 12.1.5 - Migrate config from postgresqlUsername/Password/Database to auth.username/password/database - Migrate persistence from root level to primary.persistence - Update image from bitnamilegacy/postgresql:11.11.0 to bitnami/postgresql:15.1.0-debian-11-r12 - Update Zookeeper chart from 11.4.11 to 13.8.7 - Update image from bitnamilegacy/zookeeper:3.8.4 to bitnami/zookeeper:3.9.3-debian-12-r21 - Update MySQL chart from 9.4.1 to 9.23.0 - Update image from bitnamilegacy/mysql:8.0.31 to bitnami/mysql:8.0.36-debian-12-r8 - Update MinIO chart from 11.10.13 to 12.13.2 - Update image from bitnamilegacy/minio:2022.10.29 to bitnami/minio:2023.12.23-debian-11-r3 - Update templates to use new PostgreSQL auth.* config structure - _helpers.tpl: Update database env vars references - keda-autoscaler-worker.yaml: Update PostgreSQL trigger metadata - Migrate all repositories from archive-full-index to current Bitnami repository --- .../dolphinscheduler/templates/_helpers.tpl | 4 +- .../templates/keda-autoscaler-worker.yaml | 4 +- .../kubernetes/dolphinscheduler/values.yaml | 44 ++++++++++--------- 3 files changed, 27 insertions(+), 25 deletions(-) diff --git a/deploy/kubernetes/dolphinscheduler/templates/_helpers.tpl b/deploy/kubernetes/dolphinscheduler/templates/_helpers.tpl index ba3c8e367e1a..4479c9d7b875 100644 --- a/deploy/kubernetes/dolphinscheduler/templates/_helpers.tpl +++ b/deploy/kubernetes/dolphinscheduler/templates/_helpers.tpl 
@@ -151,7 +151,7 @@ Create a database environment variables. {{- end }} - name: SPRING_DATASOURCE_URL {{- if .Values.postgresql.enabled }} - value: jdbc:postgresql://{{ template "dolphinscheduler.postgresql.fullname" . }}:5432/{{ .Values.postgresql.postgresqlDatabase }}?{{ .Values.postgresql.params }} + value: jdbc:postgresql://{{ template "dolphinscheduler.postgresql.fullname" . }}:5432/{{ .Values.postgresql.auth.database }}?{{ .Values.postgresql.params }} {{- else if .Values.mysql.enabled }} value: jdbc:mysql://{{ template "dolphinscheduler.mysql.fullname" . }}:3306/{{ .Values.mysql.auth.database }}?{{ .Values.mysql.auth.params }} {{- else }} @@ -159,7 +159,7 @@ Create a database environment variables. {{- end }} - name: SPRING_DATASOURCE_USERNAME {{- if .Values.postgresql.enabled }} - value: {{ .Values.postgresql.postgresqlUsername }} + value: {{ .Values.postgresql.auth.username }} {{- else if .Values.mysql.enabled }} value: {{ .Values.mysql.auth.username }} {{- else }} diff --git a/deploy/kubernetes/dolphinscheduler/templates/keda-autoscaler-worker.yaml b/deploy/kubernetes/dolphinscheduler/templates/keda-autoscaler-worker.yaml index ca632181c4b4..e8e3b8d15c57 100644 --- a/deploy/kubernetes/dolphinscheduler/templates/keda-autoscaler-worker.yaml +++ b/deploy/kubernetes/dolphinscheduler/templates/keda-autoscaler-worker.yaml @@ -46,8 +46,8 @@ spec: metadata: host: {{ template "dolphinscheduler.postgresql.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local port: "5432" - dbName: {{ .Values.postgresql.postgresqlDatabase }} - userName: {{ .Values.postgresql.postgresqlUsername }} + dbName: {{ .Values.postgresql.auth.database }} + userName: {{ .Values.postgresql.auth.username }} passwordFromEnv: SPRING_DATASOURCE_PASSWORD sslmode: "disable" targetQueryValue: "1" diff --git a/deploy/kubernetes/dolphinscheduler/values.yaml b/deploy/kubernetes/dolphinscheduler/values.yaml index 039760e0464f..1f1d455fddf4 100644 --- a/deploy/kubernetes/dolphinscheduler/values.yaml 
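Review bot: The renamed values are still rendered unquoted, e.g. `value: {{ .Values.postgresql.auth.username }}` in the second `_helpers.tpl` hunk and `dbName:` / `userName:` in the `keda-autoscaler-worker.yaml` hunk, so the rendered manifest depends on YAML's implicit typing. A user or database name that is empty, numeric, boolean-looking or contains `: ` or ` #` renders as a non-string or as broken YAML, while these fields are expected to be strings. Piping through `quote` avoids that: `value: {{ .Values.postgresql.auth.username | quote }}`, `dbName: {{ .Values.postgresql.auth.database | quote }}`, `userName: {{ .Values.postgresql.auth.username | quote }}`. The neighbouring MySQL lines have the same form, and both the helper and the KEDA trigger start outside these hunks.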
+++ b/deploy/kubernetes/dolphinscheduler/values.yaml @@ -56,27 +56,29 @@ datasource: postgresql: # -- If not exists external PostgreSQL, by default, the DolphinScheduler will use a internal PostgreSQL enabled: true - # -- The username for internal PostgreSQL - postgresqlUsername: "root" - # -- The password for internal PostgreSQL - postgresqlPassword: "root" - # -- The database for internal PostgreSQL - postgresqlDatabase: "dolphinscheduler" # -- The driverClassName for internal PostgreSQL driverClassName: "org.postgresql.Driver" # -- The params for internal PostgreSQL params: "characterEncoding=utf8" - persistence: - # -- Set postgresql.persistence.enabled to true to mount a new volume for internal PostgreSQL - enabled: false - # -- `PersistentVolumeClaim` size - size: "20Gi" - # -- PostgreSQL data persistent volume storage class. If set to "-", storageClassName: "", which disables dynamic provisioning - storageClass: "-" + auth: + # -- The username for internal PostgreSQL + username: "root" + # -- The password for internal PostgreSQL + password: "root" + # -- The database for internal PostgreSQL + database: "dolphinscheduler" + primary: + persistence: + # -- Set postgresql.primary.persistence.enabled to true to mount a new volume for internal PostgreSQL + enabled: false + # -- `PersistentVolumeClaim` size + size: "20Gi" + # -- PostgreSQL data persistent volume storage class. If set to "-", storageClassName: "", which disables dynamic provisioning + storageClass: "-" image: registry: docker.io - repository: bitnamilegacy/postgresql - tag: 11.11.0 + repository: bitnami/postgresql + tag: 15.1.0-debian-11-r12 mysql: # -- If not exists external MySQL, by default, the DolphinScheduler will use a internal MySQL 
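Review bot: Renaming `postgresqlUsername` / `postgresqlPassword` / `postgresqlDatabase` to `auth.*` means a release that already overrides `postgresql.postgresqlPassword` presumably has that override ignored after upgrade and falls back to the default `password: "root"` that this hunk carries over. The same applies to `postgresql.persistence.*`, now under `primary.persistence`, where an ignored `enabled: true` would leave the database without a persistent volume. Nothing in the hunk detects the old keys; a guard in a template would make the rename fail loudly, e.g. `{{- if .Values.postgresql.postgresqlPassword }}{{ fail "postgresql.postgresqlPassword was renamed to postgresql.auth.password" }}{{- end }}`. Separately, I would not ship a usable default for `password`, or would document `auth.existingSecret` if the pinned subchart supports it, so that a default install does not accept `root`/`root`.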
@@ -102,8 +104,8 @@ mysql: storageClass: "-" image: registry: docker.io - repository: bitnamilegacy/mysql - tag: 8.0.31-debian-11-r0 + repository: bitnami/mysql + tag: 8.0.36-debian-12-r8 minio: # -- Deploy minio and configure it as the default storage for DolphinScheduler, note this is for demo only, not for production. @@ -120,8 +122,8 @@ minio: defaultBuckets: "dolphinscheduler" image: registry: docker.io - repository: bitnamilegacy/minio - tag: 2022.10.29-debian-11-r0 + repository: bitnami/minio + tag: 2023.12.23-debian-11-r3 externalDatabase: @@ -162,8 +164,8 @@ zookeeper: storageClass: "-" image: registry: docker.io - repository: bitnamilegacy/zookeeper - tag: 3.8.4 + repository: bitnami/zookeeper + tag: 3.9.3-debian-12-r21 registryEtcd: # -- If you want to use Etcd for your registry center, change this value to true. And set zookeeper.enabled to false From 9296c9e0c54f1221150317d905e56ab8584fc931 Mon Sep 17 00:00:00 2001 From: zhan7236 <76658920+zhan7236@users.noreply.github.com> Date: Thu, 27 Nov 2025 02:40:27 +0000 Subject: [PATCH 3/6] [Improvement-17560][Helm] Update Helm chart README documentation Auto-generated by helm-docs for the updated chart configurations. --- deploy/kubernetes/dolphinscheduler/README.md | 28 ++++++++++---------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/deploy/kubernetes/dolphinscheduler/README.md b/deploy/kubernetes/dolphinscheduler/README.md index 627f21814860..36d6c4ecbe5b 100644 --- a/deploy/kubernetes/dolphinscheduler/README.md +++ b/deploy/kubernetes/dolphinscheduler/README.md 
@@ -255,8 +255,8 @@ Please refer to the [Quick Start in Kubernetes](../../../docs/docs/en/guide/inst | minio.defaultBuckets | string | `"dolphinscheduler"` | minio default buckets | | minio.enabled | bool | `true` | Deploy minio and configure it as the default storage for DolphinScheduler, note this is for demo only, not for production. | | minio.image.registry | string | `"docker.io"` | | -| minio.image.repository | string | `"bitnamilegacy/minio"` | | -| minio.image.tag | string | `"2022.10.29-debian-11-r0"` | | +| minio.image.repository | string | `"bitnami/minio"` | | +| minio.image.tag | string | `"2023.12.23-debian-11-r3"` | | | minio.persistence.enabled | bool | `false` | Set minio.persistence.enabled to true to mount a new volume for internal minio | | mysql.auth.database | string | `"dolphinscheduler"` | mysql database | | mysql.auth.params | string | `"characterEncoding=utf8"` | mysql params | 
@@ -265,23 +265,23 @@ Please refer to the [Quick Start in Kubernetes](../../../docs/docs/en/guide/inst | mysql.driverClassName | string | `"com.mysql.cj.jdbc.Driver"` | mysql driverClassName | | mysql.enabled | bool | `false` | If not exists external MySQL, by default, the DolphinScheduler will use a internal MySQL | | mysql.image.registry | string | `"docker.io"` | | -| mysql.image.repository | string | `"bitnamilegacy/mysql"` | | -| mysql.image.tag | string | `"8.0.31-debian-11-r0"` | | +| mysql.image.repository | string | `"bitnami/mysql"` | | +| mysql.image.tag | string | `"8.0.36-debian-12-r8"` | | | mysql.primary.persistence.enabled | bool | `false` | Set mysql.primary.persistence.enabled to true to mount a new volume for internal MySQL | | mysql.primary.persistence.size | string | `"20Gi"` | `PersistentVolumeClaim` size | | mysql.primary.persistence.storageClass | string | `"-"` | MySQL data persistent volume storage class. If set to "-", storageClassName: "", which disables dynamic provisioning | +| postgresql.auth.database | string | `"dolphinscheduler"` | The database for internal PostgreSQL | +| postgresql.auth.password | string | `"root"` | The password for internal PostgreSQL | +| postgresql.auth.username | string | `"root"` | The username for internal PostgreSQL | | postgresql.driverClassName | string | `"org.postgresql.Driver"` | The driverClassName for internal PostgreSQL | | postgresql.enabled | bool | `true` | If not exists external PostgreSQL, by default, the DolphinScheduler will use a internal PostgreSQL | | postgresql.image.registry | string | `"docker.io"` | | -| postgresql.image.repository | string | `"bitnamilegacy/postgresql"` | | -| postgresql.image.tag | string | `"11.11.0"` | | +| postgresql.image.repository | string | `"bitnami/postgresql"` | | +| postgresql.image.tag | string | `"15.1.0-debian-11-r12"` | | | postgresql.params | string | `"characterEncoding=utf8"` | The params for internal PostgreSQL | -| postgresql.persistence.enabled 
| bool | `false` | Set postgresql.persistence.enabled to true to mount a new volume for internal PostgreSQL | -| postgresql.persistence.size | string | `"20Gi"` | `PersistentVolumeClaim` size | -| postgresql.persistence.storageClass | string | `"-"` | PostgreSQL data persistent volume storage class. If set to "-", storageClassName: "", which disables dynamic provisioning | -| postgresql.postgresqlDatabase | string | `"dolphinscheduler"` | The database for internal PostgreSQL | -| postgresql.postgresqlPassword | string | `"root"` | The password for internal PostgreSQL | -| postgresql.postgresqlUsername | string | `"root"` | The username for internal PostgreSQL | +| postgresql.primary.persistence.enabled | bool | `false` | Set postgresql.primary.persistence.enabled to true to mount a new volume for internal PostgreSQL | +| postgresql.primary.persistence.size | string | `"20Gi"` | `PersistentVolumeClaim` size | +| postgresql.primary.persistence.storageClass | string | `"-"` | PostgreSQL data persistent volume storage class. If set to "-", storageClassName: "", which disables dynamic provisioning | | registryEtcd.authority | string | `""` | Etcd authority | | registryEtcd.enabled | bool | `false` | If you want to use Etcd for your registry center, change this value to true. And set zookeeper.enabled to false | | registryEtcd.endpoints | string | `""` | Etcd endpoints | 
@@ -377,8 +377,8 @@ Please refer to the [Quick Start in Kubernetes](../../../docs/docs/en/guide/inst | zookeeper.enabled | bool | `true` | If not exists external registry, the zookeeper registry will be used by default. | | zookeeper.fourlwCommandsWhitelist | string | `"srvr,ruok,wchs,cons"` | A list of comma separated Four Letter Words commands to use | | zookeeper.image.registry | string | `"docker.io"` | | -| zookeeper.image.repository | string | `"bitnamilegacy/zookeeper"` | | -| zookeeper.image.tag | string | `"3.8.4"` | | +| zookeeper.image.repository | string | `"bitnami/zookeeper"` | | +| zookeeper.image.tag | string | `"3.9.3-debian-12-r21"` | | | zookeeper.persistence.enabled | bool | `false` | Set `zookeeper.persistence.enabled` to true to mount a new volume for internal ZooKeeper | | zookeeper.persistence.size | string | `"20Gi"` | PersistentVolumeClaim size | | zookeeper.persistence.storageClass | string | `"-"` | ZooKeeper data persistent volume storage class. If set to "-", storageClassName: "", which disables dynamic provisioning | From bb7daafb94a77b5271b10472baab15ffae195e51 Mon Sep 17 00:00:00 2001 From: zhan7236 <76658920+zhan7236@users.noreply.github.com> Date: Mon, 1 Dec 2025 06:48:57 +0000 Subject: [PATCH 4/6] fix: update PostgreSQL secret key for Bitnami chart 12.1.5 The new Bitnami PostgreSQL chart version 12.1.5 uses 'password' as the secret key instead of 'postgresql-password'. This change aligns the DolphinScheduler Helm chart with the new Bitnami chart format. This fix resolves the E2E-K8S test failure caused by the post-install hook timing out when trying to read the PostgreSQL password from the wrong secret key. --- deploy/kubernetes/dolphinscheduler/templates/_helpers.tpl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy/kubernetes/dolphinscheduler/templates/_helpers.tpl b/deploy/kubernetes/dolphinscheduler/templates/_helpers.tpl index 4479c9d7b875..068d413ab409 100644 
--- a/deploy/kubernetes/dolphinscheduler/templates/_helpers.tpl +++ b/deploy/kubernetes/dolphinscheduler/templates/_helpers.tpl @@ -170,7 +170,7 @@ Create a database environment variables. secretKeyRef: {{- if .Values.postgresql.enabled }} name: {{ template "dolphinscheduler.postgresql.fullname" . }} - key: postgresql-password + key: password {{- else if .Values.mysql.enabled }} name: {{ template "dolphinscheduler.mysql.fullname" . }} key: mysql-password From 17f3f8d864e38b98796f5dbbeadbc2af99d76d21 Mon Sep 17 00:00:00 2001 From: zhan7236 <76658920+zhan7236@users.noreply.github.com> Date: Tue, 16 Dec 2025 06:29:13 +0000 Subject: [PATCH 5/6] fix(helm): Use bitnamilegacy repository for images due to Bitnami policy change After August 28, 2025, ZooKeeper, MySQL, MinIO and specific version tags of PostgreSQL will be removed from docker.io/bitnami and moved to bitnamilegacy. This change: - Updates postgresql image repository to bitnamilegacy/postgresql - Updates mysql image repository to bitnamilegacy/mysql - Updates minio image repository to bitnamilegacy/minio - Updates zookeeper image repository to bitnamilegacy/zookeeper The Helm chart versions remain updated to use the new configuration format (auth.username, auth.password, etc.) which are compatible with bitnamilegacy images. --- deploy/kubernetes/dolphinscheduler/values.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/deploy/kubernetes/dolphinscheduler/values.yaml b/deploy/kubernetes/dolphinscheduler/values.yaml index 1f1d455fddf4..acfe77c8aedb 100644 --- a/deploy/kubernetes/dolphinscheduler/values.yaml +++ b/deploy/kubernetes/dolphinscheduler/values.yaml @@ -77,7 +77,7 @@ postgresql: storageClass: "-" image: registry: docker.io - repository: bitnami/postgresql + repository: bitnamilegacy/postgresql tag: 15.1.0-debian-11-r12 mysql: 
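Review bot: The new `key: password` in the `_helpers.tpl` hunk is hard-coded to the subchart's default secret layout, and the `name:` line above it is likewise fixed to the subchart's fullname. If an operator points the PostgreSQL subchart at their own Secret (the Bitnami chart exposes `auth.existingSecret` and configurable key names, as far as I recall), this `secretKeyRef` would still look for `password` under the generated name and the pods would not receive the credential. At minimum add a template comment such as `{{/* "password" is the user-password key written by the Bitnami postgresql 12.x subchart; update together with the dependency version */}}`. The `secretKeyRef` block begins outside the hunk.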
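Review bot: Switching `repository:` to `bitnamilegacy/postgresql` in the `values.yaml` hunk here, and to `bitnamilegacy/mysql`, `bitnamilegacy/minio` and `bitnamilegacy/zookeeper` in the next three hunks, makes the default install depend on an archive namespace; going by the commit message these are images Bitnami moved out of its maintained repository, so they should be assumed to receive no further security fixes. The tags are also mutable references rather than digests. I would record this next to each `image:` block, e.g. `# bitnamilegacy images are archived and unpatched; override registry/repository/tag with a maintained image for production`, and consider pinning by digest if the pinned subcharts accept `image.digest`.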
@@ -104,7 +104,7 @@ mysql: storageClass: "-" image: registry: docker.io - repository: bitnami/mysql + repository: bitnamilegacy/mysql tag: 8.0.36-debian-12-r8 minio: @@ -122,7 +122,7 @@ minio: defaultBuckets: "dolphinscheduler" image: registry: docker.io - repository: bitnami/minio + repository: bitnamilegacy/minio tag: 2023.12.23-debian-11-r3 @@ -164,7 +164,7 @@ zookeeper: storageClass: "-" image: registry: docker.io - repository: bitnami/zookeeper + repository: bitnamilegacy/zookeeper tag: 3.9.3-debian-12-r21 registryEtcd: From 4b9f474d8fd69e11300c302213b9462f4821d6d5 Mon Sep 17 00:00:00 2001 From: zhan7236 <76658920+zhan7236@users.noreply.github.com> Date: Wed, 17 Dec 2025 02:01:37 +0000 Subject: [PATCH 6/6] fix(helm): add global.security.allowInsecureImages for bitnamilegacy images The new Bitnami Helm charts (postgresql 12.1.5, zookeeper 13.8.7, etc.) include image signature verification that rejects non-standard images like bitnamilegacy. This causes Helm install to fail with: ERROR: Original containers have been substituted for unrecognized ones. Unrecognized images: docker.io/bitnamilegacy/zookeeper:3.9.3-debian-12-r21 Setting global.security.allowInsecureImages: true allows the use of bitnamilegacy images with the newer chart versions. Reference: https://github.com/bitnami/charts/issues/30850 --- deploy/kubernetes/dolphinscheduler/README.md | 1 + deploy/kubernetes/dolphinscheduler/values.yaml | 6 ++++++ 2 files changed, 7 insertions(+) diff --git a/deploy/kubernetes/dolphinscheduler/README.md b/deploy/kubernetes/dolphinscheduler/README.md index 36d6c4ecbe5b..aa39148ff559 100644 --- a/deploy/kubernetes/dolphinscheduler/README.md +++ b/deploy/kubernetes/dolphinscheduler/README.md 
@@ -12,6 +12,7 @@ Please refer to the [Quick Start in Kubernetes](../../../docs/docs/en/guide/inst | Key | Type | Default | Description | |-----|------|---------|-------------| +| global.security.allowInsecureImages | bool | `true` | Allow using non-standard container images (required for bitnamilegacy images). This is required because the new Bitnami charts verify image signatures. | | alert.affinity | object | `{}` | Affinity is a group of affinity scheduling rules. If specified, the pod's scheduling constraints. More info: [node-affinity](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity) | | alert.annotations | object | `{}` | You can use annotations to attach arbitrary non-identifying metadata to objects. Clients such as tools and libraries can retrieve this metadata. | | alert.customizedConfig | object | `{}` | configure aligned with https://github.com/apache/dolphinscheduler/blob/dev/dolphinscheduler-alert/dolphinscheduler-alert-server/src/main/resources/application.yaml | diff --git a/deploy/kubernetes/dolphinscheduler/values.yaml b/deploy/kubernetes/dolphinscheduler/values.yaml index acfe77c8aedb..4f2abec745e8 100644 --- a/deploy/kubernetes/dolphinscheduler/values.yaml +++ b/deploy/kubernetes/dolphinscheduler/values.yaml @@ -19,6 +19,12 @@ # This is a YAML-formatted file. # Declare variables to be passed into your templates. +# -- Global settings for Bitnami subcharts +global: + security: + # -- Allow using non-standard container images (required for bitnamilegacy images) + allowInsecureImages: true + # -- World time and date for cities in all time zones timezone: "Asia/Shanghai"
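Review bot: `allowInsecureImages: true` in the `values.yaml` hunk is set under `global`, so it switches off the subcharts' image check for every Bitnami dependency and for every install, not only for the four `bitnamilegacy` defaults. A later change of an image repository, intended or not, then no longer produces an error from the charts. The added comment and README row describe the check as signature verification, while the error quoted in the commit message is about unrecognized substituted containers, so the wording should say what is actually being bypassed. I would extend the comment to `# -- Disables the Bitnami subcharts' check for substituted images; needed only while the bitnamilegacy defaults are used. Set to false when supplying maintained images.`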