Bitnami/charts
2
0
Fork 0
mirror of https://github.com/bitnami/charts.git synced 2026-02-28 07:28:01 +08:00
Code Issues Packages Projects Releases Wiki Activity

[bitnami/rabbitmq] fix: 🔒 Move service-account token auto-mount to pod declaration (#22453)

Browse Source 
Signed-off-by: Javier Salmeron Garcia <jsalmeron@vmware.com>
This commit is contained in:
Javier J. Salmerón-García
2024-01-19 10:15:40 +01:00
committed by GitHub
parent 60283596bc
commit 0f92db5dd4
4 changed files with 14 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
bitnami/rabbitmq/Chart.yaml
View File

@@ -30,4 +30,4 @@ maintainers:
name: rabbitmq
sources:
- https://github.com/bitnami/charts/tree/main/bitnami/rabbitmq
version: 12.7.1
version: 12.8.0

15
bitnami/rabbitmq/README.md
View File

@@ -91,6 +91,7 @@ The command removes all the Kubernetes components associated with the chart and
| `diagnosticMode.enabled` | Enable diagnostic mode (all probes will be disabled and the command will be overridden) | `false` |
| `diagnosticMode.command` | Command to override all containers in the deployment | `["sleep"]` |
| `diagnosticMode.args` | Args to override all containers in the deployment | `["infinity"]` |
| `automountServiceAccountToken` | Mount Service Account token in pod | `true` |
| `hostAliases` | Deployment pod host aliases | `[]` |
| `dnsPolicy` | DNS Policy for pod | `""` |
| `dnsConfig` | DNS Configuration pod | `{}` |
@@ -254,13 +255,13 @@ The command removes all the Kubernetes components associated with the chart and
### RBAC parameters
| Name | Description | Value |
| --------------------------------------------- | ------------------------------------------------------------------------------------------ | ------ |
| `serviceAccount.create` | Enable creation of ServiceAccount for RabbitMQ pods | `true` |
| `serviceAccount.name` | Name of the created serviceAccount | `""` |
| `serviceAccount.automountServiceAccountToken` | Auto-mount the service account token in the pod | `true` |
| `serviceAccount.annotations` | Annotations for service account. Evaluated as a template. Only used if `create` is `true`. | `{}` |
| `rbac.create` | Whether RBAC rules should be created | `true` |
| Name | Description | Value |
| --------------------------------------------- | ------------------------------------------------------------------------------------------ | ------- |
| `serviceAccount.create` | Enable creation of ServiceAccount for RabbitMQ pods | `true` |
| `serviceAccount.name` | Name of the created serviceAccount | `""` |
| `serviceAccount.automountServiceAccountToken` | Auto-mount the service account token in the pod | `false` |
| `serviceAccount.annotations` | Annotations for service account. Evaluated as a template. Only used if `create` is `true`. | `{}` |
| `rbac.create` | Whether RBAC rules should be created | `true` |
### Persistence parameters

1
bitnami/rabbitmq/templates/statefulset.yaml
View File

@@ -58,6 +58,7 @@ spec:
podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAntiAffinityPreset "customLabels" $podLabels "context" $) | nindent 10 }}
nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.nodeAffinityPreset.type "key" .Values.nodeAffinityPreset.key "values" .Values.nodeAffinityPreset.values) | nindent 10 }}
{{- end }}
automountServiceAccountToken: {{ .Values.automountServiceAccountToken }}
{{- if .Values.hostAliases }}
hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.hostAliases "context" $) | nindent 8 }}
{{- end }}

5
bitnami/rabbitmq/values.yaml
View File

@@ -112,6 +112,9 @@ diagnosticMode:
args:
- infinity
## @param automountServiceAccountToken Mount Service Account token in pod
##
automountServiceAccountToken: true
## @param hostAliases Deployment pod host aliases
## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
##
@@ -919,7 +922,7 @@ serviceAccount:
name: ""
## @param serviceAccount.automountServiceAccountToken Auto-mount the service account token in the pod
##
automountServiceAccountToken: true
automountServiceAccountToken: false
## @param serviceAccount.annotations Annotations for service account. Evaluated as a template. Only used if `create` is `true`.
##
annotations: {}