diff --git a/bitnami/multus-cni/Chart.lock b/bitnami/multus-cni/Chart.lock index b21f06478c..8a377da917 100644 --- a/bitnami/multus-cni/Chart.lock +++ b/bitnami/multus-cni/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: common repository: oci://registry-1.docker.io/bitnamicharts - version: 2.16.1 -digest: sha256:f808a6fdc9c374d158ad7ff2f2c53a6c409e41da778d768b232dd20f86ef8b47 -generated: "2024-02-21T14:21:57.941000714Z" + version: 2.18.0 +digest: sha256:f489ae7394a4eceb24fb702901483c67a5b4fff605f19d5e2545e3a6778e1280 +generated: "2024-03-05T14:59:43.912730942+01:00" diff --git a/bitnami/multus-cni/Chart.yaml b/bitnami/multus-cni/Chart.yaml index 73a14a2d7e..6d2d21e6fc 100644 --- a/bitnami/multus-cni/Chart.yaml +++ b/bitnami/multus-cni/Chart.yaml @@ -29,4 +29,4 @@ maintainers: name: multus-cni sources: - https://github.com/bitnami/charts/tree/main/bitnami/multus-cni -version: 1.8.0 +version: 1.9.0 diff --git a/bitnami/multus-cni/README.md b/bitnami/multus-cni/README.md index 2dca7c8d10..5caf376a03 100644 --- a/bitnami/multus-cni/README.md +++ b/bitnami/multus-cni/README.md @@ -57,11 +57,12 @@ The command removes all the Kubernetes components associated with the chart and ### Global parameters -| Name | Description | Value | -| ------------------------- | ----------------------------------------------- | ----- | -| `global.imageRegistry` | Global Docker image registry | `""` | -| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` | -| `global.storageClass` | Global StorageClass for Persistent Volume(s) | `""` | +| Name | Description | Value | +| ----------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------- | +| `global.imageRegistry` | Global Docker image registry | `""` | +| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` | +| `global.storageClass` | Global StorageClass for Persistent Volume(s) | `""` | +| `global.compatibility.openshift.adaptSecurityContext` | Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation) | `disabled` | ### Common parameters diff --git a/bitnami/multus-cni/templates/daemonset.yaml b/bitnami/multus-cni/templates/daemonset.yaml index d58496ff69..28145b74cb 100644 --- a/bitnami/multus-cni/templates/daemonset.yaml +++ b/bitnami/multus-cni/templates/daemonset.yaml @@ -30,7 +30,7 @@ spec: hostNetwork: true serviceAccountName: {{ include "multus-cni.serviceAccountName" . }} {{- if .Values.podSecurityContext.enabled }} - securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }} + securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.podSecurityContext "context" $) | nindent 8 }} {{- end }} {{- if .Values.affinity }} affinity: {{- include "common.tplvalues.render" (dict "value" .Values.affinity "context" $) | nindent 8 }} @@ -70,7 +70,7 @@ spec: - "/usr/src/multus-cni/bin/multus" - "{{ .Values.CNIMountPath }}/opt/cni/bin/" {{- if .Values.containerSecurityContext.enabled }} - securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} + securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.containerSecurityContext "context" $) | nindent 12 }} {{- end }} volumeMounts: - name: cni-bin-dir @@ -84,7 +84,7 @@ spec: - "--type" - "thin" {{- if .Values.containerSecurityContext.enabled }} - securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} + securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.containerSecurityContext "context" $) | nindent 12 }} {{- end }} volumeMounts: - name: cni-bin-dir @@ -122,7 +122,7 @@ spec: {{- end }} {{- end }} {{- if .Values.containerSecurityContext.enabled }} - securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} + securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.containerSecurityContext "context" $) | nindent 12 }} {{- end }} env: - name: BITNAMI_DEBUG diff --git a/bitnami/multus-cni/values.yaml b/bitnami/multus-cni/values.yaml index d9241404fa..dd5425425a 100644 --- a/bitnami/multus-cni/values.yaml +++ b/bitnami/multus-cni/values.yaml @@ -19,6 +19,15 @@ global: ## imagePullSecrets: [] storageClass: "" + ## Compatibility adaptations for Kubernetes platforms + ## + compatibility: + ## Compatibility adaptations for Openshift + ## + openshift: + ## @param global.compatibility.openshift.adaptSecurityContext Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation) + ## + adaptSecurityContext: disabled ## @section Common parameters ##