diff --git a/bitnami/kong/Chart.yaml b/bitnami/kong/Chart.yaml index 3508f89a82..0f21149efe 100644 --- a/bitnami/kong/Chart.yaml +++ b/bitnami/kong/Chart.yaml @@ -45,4 +45,4 @@ maintainers: name: kong sources: - https://github.com/bitnami/charts/tree/main/bitnami/kong -version: 10.0.2 +version: 10.1.0 diff --git a/bitnami/kong/README.md b/bitnami/kong/README.md index 33aec136cc..0144cf73ea 100644 --- a/bitnami/kong/README.md +++ b/bitnami/kong/README.md @@ -93,42 +93,47 @@ helm delete my-release ### Kong deployment / daemonset parameters -| Name | Description | Value | -| --------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------- | --------------- | -| `useDaemonset` | Use a daemonset instead of a deployment. `replicaCount` will not take effect. | `false` | -| `replicaCount` | Number of Kong replicas | `2` | -| `containerSecurityContext.enabled` | Enabled Kong containers' Security Context | `true` | -| `containerSecurityContext.runAsUser` | Set Kong container's Security Context runAsUser | `1001` | -| `containerSecurityContext.runAsNonRoot` | Set Kong container's Security Context runAsNonRoot | `true` | -| `podSecurityContext.enabled` | Enabled Kong pods' Security Context | `false` | -| `podSecurityContext.fsGroup` | Set Kong pod's Security Context fsGroup | `1001` | -| `updateStrategy.type` | Kong update strategy | `RollingUpdate` | -| `updateStrategy.rollingUpdate` | Kong deployment rolling update configuration parameters | `{}` | -| `hostAliases` | Add deployment host aliases | `[]` | -| `topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template | `[]` | -| `priorityClassName` | Priority Class Name | `""` | -| `schedulerName` | Use an alternate scheduler, e.g. "stork". | `""` | -| `terminationGracePeriodSeconds` | Seconds Kong pod needs to terminate gracefully | `""` | -| `podAnnotations` | Additional pod annotations | `{}` | -| `podLabels` | Additional pod labels | `{}` | -| `podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `nodeAffinityPreset.key` | Node label key to match Ignored if `affinity` is set. | `""` | -| `nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set. | `[]` | -| `affinity` | Affinity for pod assignment | `{}` | -| `nodeSelector` | Node labels for pod assignment | `{}` | -| `tolerations` | Tolerations for pod assignment | `[]` | -| `extraVolumes` | Array of extra volumes to be added to the Kong deployment deployment (evaluated as template). Requires setting `extraVolumeMounts` | `[]` | -| `initContainers` | Add additional init containers to the Kong pods | `[]` | -| `sidecars` | Add additional sidecar containers to the Kong pods | `[]` | -| `autoscaling.enabled` | Deploy a HorizontalPodAutoscaler object for the Kong deployment | `false` | -| `autoscaling.minReplicas` | Minimum number of replicas to scale back | `2` | -| `autoscaling.maxReplicas` | Maximum number of replicas to scale out | `5` | -| `autoscaling.metrics` | Metrics to use when deciding to scale the deployment (evaluated as a template) | `[]` | -| `pdb.create` | Deploy a PodDisruptionBudget object for Kong deployment | `false` | -| `pdb.minAvailable` | Minimum available Kong replicas (expressed in percentage) | `""` | -| `pdb.maxUnavailable` | Maximum unavailable Kong replicas (expressed in percentage) | `50%` | +| Name | Description | Value | +| --------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------- | ---------------- | +| `useDaemonset` | Use a daemonset instead of a deployment. `replicaCount` will not take effect. | `false` | +| `replicaCount` | Number of Kong replicas | `2` | +| `containerSecurityContext.enabled` | Enabled containers' Security Context | `true` | +| `containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` | +| `containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` | +| `containerSecurityContext.privileged` | Set container's Security Context privileged | `false` | +| `containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `false` | +| `containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` | +| `containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` | +| `containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` | +| `podSecurityContext.enabled` | Enabled Kong pods' Security Context | `false` | +| `podSecurityContext.fsGroup` | Set Kong pod's Security Context fsGroup | `1001` | +| `updateStrategy.type` | Kong update strategy | `RollingUpdate` | +| `updateStrategy.rollingUpdate` | Kong deployment rolling update configuration parameters | `{}` | +| `hostAliases` | Add deployment host aliases | `[]` | +| `topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template | `[]` | +| `priorityClassName` | Priority Class Name | `""` | +| `schedulerName` | Use an alternate scheduler, e.g. "stork". | `""` | +| `terminationGracePeriodSeconds` | Seconds Kong pod needs to terminate gracefully | `""` | +| `podAnnotations` | Additional pod annotations | `{}` | +| `podLabels` | Additional pod labels | `{}` | +| `podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` | +| `nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `nodeAffinityPreset.key` | Node label key to match Ignored if `affinity` is set. | `""` | +| `nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set. | `[]` | +| `affinity` | Affinity for pod assignment | `{}` | +| `nodeSelector` | Node labels for pod assignment | `{}` | +| `tolerations` | Tolerations for pod assignment | `[]` | +| `extraVolumes` | Array of extra volumes to be added to the Kong deployment deployment (evaluated as template). Requires setting `extraVolumeMounts` | `[]` | +| `initContainers` | Add additional init containers to the Kong pods | `[]` | +| `sidecars` | Add additional sidecar containers to the Kong pods | `[]` | +| `autoscaling.enabled` | Deploy a HorizontalPodAutoscaler object for the Kong deployment | `false` | +| `autoscaling.minReplicas` | Minimum number of replicas to scale back | `2` | +| `autoscaling.maxReplicas` | Maximum number of replicas to scale out | `5` | +| `autoscaling.metrics` | Metrics to use when deciding to scale the deployment (evaluated as a template) | `[]` | +| `pdb.create` | Deploy a PodDisruptionBudget object for Kong deployment | `false` | +| `pdb.minAvailable` | Minimum available Kong replicas (expressed in percentage) | `""` | +| `pdb.maxUnavailable` | Maximum unavailable Kong replicas (expressed in percentage) | `50%` | ### Kong Container Parameters diff --git a/bitnami/kong/values.yaml b/bitnami/kong/values.yaml index 47e309a053..01820f7542 100644 --- a/bitnami/kong/values.yaml +++ b/bitnami/kong/values.yaml @@ -108,14 +108,26 @@ useDaemonset: false replicaCount: 2 ## Kong containers' Security Context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container -## @param containerSecurityContext.enabled Enabled Kong containers' Security Context -## @param containerSecurityContext.runAsUser Set Kong container's Security Context runAsUser -## @param containerSecurityContext.runAsNonRoot Set Kong container's Security Context runAsNonRoot +## @param containerSecurityContext.enabled Enabled containers' Security Context +## @param containerSecurityContext.runAsUser Set containers' Security Context runAsUser +## @param containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot +## @param containerSecurityContext.privileged Set container's Security Context privileged +## @param containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem +## @param containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation +## @param containerSecurityContext.capabilities.drop List of capabilities to be dropped +## @param containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile ## containerSecurityContext: enabled: true runAsUser: 1001 runAsNonRoot: true + privileged: false + readOnlyRootFilesystem: false + allowPrivilegeEscalation: false + capabilities: + drop: ["ALL"] + seccompProfile: + type: "RuntimeDefault" ## Kong pods' Security Context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod ## @param podSecurityContext.enabled Enabled Kong pods' Security Context