mirror of
https://github.com/bitnami/charts.git
synced 2026-02-20 03:58:02 +08:00
[bitnami/kong] feat: ✨ Add support for PSA restricted policy (#20464)
Signed-off-by: Javier Salmeron Garcia <jsalmeron@vmware.com>
This commit is contained in:
Javier J. Salmerón-García
committed by
GitHub
GitHub
parent
349e48c275
commit
0e79d2e651
@@ -45,4 +45,4 @@ maintainers:
|
||||
name: kong
|
||||
sources:
|
||||
- https://github.com/bitnami/charts/tree/main/bitnami/kong
|
||||
version: 10.0.2
|
||||
version: 10.1.0
|
||||
|
||||
@@ -93,42 +93,47 @@ helm delete my-release
|
||||
|
||||
### Kong deployment / daemonset parameters
|
||||
|
||||
| Name | Description | Value |
|
||||
| --------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------- | --------------- |
|
||||
| `useDaemonset` | Use a daemonset instead of a deployment. `replicaCount` will not take effect. | `false` |
|
||||
| `replicaCount` | Number of Kong replicas | `2` |
|
||||
| `containerSecurityContext.enabled` | Enabled Kong containers' Security Context | `true` |
|
||||
| `containerSecurityContext.runAsUser` | Set Kong container's Security Context runAsUser | `1001` |
|
||||
| `containerSecurityContext.runAsNonRoot` | Set Kong container's Security Context runAsNonRoot | `true` |
|
||||
| `podSecurityContext.enabled` | Enabled Kong pods' Security Context | `false` |
|
||||
| `podSecurityContext.fsGroup` | Set Kong pod's Security Context fsGroup | `1001` |
|
||||
| `updateStrategy.type` | Kong update strategy | `RollingUpdate` |
|
||||
| `updateStrategy.rollingUpdate` | Kong deployment rolling update configuration parameters | `{}` |
|
||||
| `hostAliases` | Add deployment host aliases | `[]` |
|
||||
| `topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template | `[]` |
|
||||
| `priorityClassName` | Priority Class Name | `""` |
|
||||
| `schedulerName` | Use an alternate scheduler, e.g. "stork". | `""` |
|
||||
| `terminationGracePeriodSeconds` | Seconds Kong pod needs to terminate gracefully | `""` |
|
||||
| `podAnnotations` | Additional pod annotations | `{}` |
|
||||
| `podLabels` | Additional pod labels | `{}` |
|
||||
| `podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
|
||||
| `podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` |
|
||||
| `nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
|
||||
| `nodeAffinityPreset.key` | Node label key to match Ignored if `affinity` is set. | `""` |
|
||||
| `nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set. | `[]` |
|
||||
| `affinity` | Affinity for pod assignment | `{}` |
|
||||
| `nodeSelector` | Node labels for pod assignment | `{}` |
|
||||
| `tolerations` | Tolerations for pod assignment | `[]` |
|
||||
| `extraVolumes` | Array of extra volumes to be added to the Kong deployment deployment (evaluated as template). Requires setting `extraVolumeMounts` | `[]` |
|
||||
| `initContainers` | Add additional init containers to the Kong pods | `[]` |
|
||||
| `sidecars` | Add additional sidecar containers to the Kong pods | `[]` |
|
||||
| `autoscaling.enabled` | Deploy a HorizontalPodAutoscaler object for the Kong deployment | `false` |
|
||||
| `autoscaling.minReplicas` | Minimum number of replicas to scale back | `2` |
|
||||
| `autoscaling.maxReplicas` | Maximum number of replicas to scale out | `5` |
|
||||
| `autoscaling.metrics` | Metrics to use when deciding to scale the deployment (evaluated as a template) | `[]` |
|
||||
| `pdb.create` | Deploy a PodDisruptionBudget object for Kong deployment | `false` |
|
||||
| `pdb.minAvailable` | Minimum available Kong replicas (expressed in percentage) | `""` |
|
||||
| `pdb.maxUnavailable` | Maximum unavailable Kong replicas (expressed in percentage) | `50%` |
|
||||
| Name | Description | Value |
|
||||
| --------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------- | ---------------- |
|
||||
| `useDaemonset` | Use a daemonset instead of a deployment. `replicaCount` will not take effect. | `false` |
|
||||
| `replicaCount` | Number of Kong replicas | `2` |
|
||||
| `containerSecurityContext.enabled` | Enabled containers' Security Context | `true` |
|
||||
| `containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` |
|
||||
| `containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` |
|
||||
| `containerSecurityContext.privileged` | Set container's Security Context privileged | `false` |
|
||||
| `containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `false` |
|
||||
| `containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` |
|
||||
| `containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
|
||||
| `containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
|
||||
| `podSecurityContext.enabled` | Enabled Kong pods' Security Context | `false` |
|
||||
| `podSecurityContext.fsGroup` | Set Kong pod's Security Context fsGroup | `1001` |
|
||||
| `updateStrategy.type` | Kong update strategy | `RollingUpdate` |
|
||||
| `updateStrategy.rollingUpdate` | Kong deployment rolling update configuration parameters | `{}` |
|
||||
| `hostAliases` | Add deployment host aliases | `[]` |
|
||||
| `topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template | `[]` |
|
||||
| `priorityClassName` | Priority Class Name | `""` |
|
||||
| `schedulerName` | Use an alternate scheduler, e.g. "stork". | `""` |
|
||||
| `terminationGracePeriodSeconds` | Seconds Kong pod needs to terminate gracefully | `""` |
|
||||
| `podAnnotations` | Additional pod annotations | `{}` |
|
||||
| `podLabels` | Additional pod labels | `{}` |
|
||||
| `podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
|
||||
| `podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` |
|
||||
| `nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
|
||||
| `nodeAffinityPreset.key` | Node label key to match Ignored if `affinity` is set. | `""` |
|
||||
| `nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set. | `[]` |
|
||||
| `affinity` | Affinity for pod assignment | `{}` |
|
||||
| `nodeSelector` | Node labels for pod assignment | `{}` |
|
||||
| `tolerations` | Tolerations for pod assignment | `[]` |
|
||||
| `extraVolumes` | Array of extra volumes to be added to the Kong deployment deployment (evaluated as template). Requires setting `extraVolumeMounts` | `[]` |
|
||||
| `initContainers` | Add additional init containers to the Kong pods | `[]` |
|
||||
| `sidecars` | Add additional sidecar containers to the Kong pods | `[]` |
|
||||
| `autoscaling.enabled` | Deploy a HorizontalPodAutoscaler object for the Kong deployment | `false` |
|
||||
| `autoscaling.minReplicas` | Minimum number of replicas to scale back | `2` |
|
||||
| `autoscaling.maxReplicas` | Maximum number of replicas to scale out | `5` |
|
||||
| `autoscaling.metrics` | Metrics to use when deciding to scale the deployment (evaluated as a template) | `[]` |
|
||||
| `pdb.create` | Deploy a PodDisruptionBudget object for Kong deployment | `false` |
|
||||
| `pdb.minAvailable` | Minimum available Kong replicas (expressed in percentage) | `""` |
|
||||
| `pdb.maxUnavailable` | Maximum unavailable Kong replicas (expressed in percentage) | `50%` |
|
||||
|
||||
### Kong Container Parameters
|
||||
|
||||
|
||||
@@ -108,14 +108,26 @@ useDaemonset: false
|
||||
replicaCount: 2
|
||||
## Kong containers' Security Context
|
||||
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
|
||||
## @param containerSecurityContext.enabled Enabled Kong containers' Security Context
|
||||
## @param containerSecurityContext.runAsUser Set Kong container's Security Context runAsUser
|
||||
## @param containerSecurityContext.runAsNonRoot Set Kong container's Security Context runAsNonRoot
|
||||
## @param containerSecurityContext.enabled Enabled containers' Security Context
|
||||
## @param containerSecurityContext.runAsUser Set containers' Security Context runAsUser
|
||||
## @param containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
|
||||
## @param containerSecurityContext.privileged Set container's Security Context privileged
|
||||
## @param containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
|
||||
## @param containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation
|
||||
## @param containerSecurityContext.capabilities.drop List of capabilities to be dropped
|
||||
## @param containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
|
||||
##
|
||||
containerSecurityContext:
|
||||
enabled: true
|
||||
runAsUser: 1001
|
||||
runAsNonRoot: true
|
||||
privileged: false
|
||||
readOnlyRootFilesystem: false
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop: ["ALL"]
|
||||
seccompProfile:
|
||||
type: "RuntimeDefault"
|
||||
## Kong pods' Security Context
|
||||
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
|
||||
## @param podSecurityContext.enabled Enabled Kong pods' Security Context
|
||||
|
||||
Reference in New Issue
Block a user