diff --git a/bitnami/tomcat/Chart.lock b/bitnami/tomcat/Chart.lock index b74001c4ad..537558ab47 100644 --- a/bitnami/tomcat/Chart.lock +++ b/bitnami/tomcat/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: common repository: oci://registry-1.docker.io/bitnamicharts - version: 2.16.1 -digest: sha256:f808a6fdc9c374d158ad7ff2f2c53a6c409e41da778d768b232dd20f86ef8b47 -generated: "2024-02-21T11:53:54.023501109Z" + version: 2.18.0 +digest: sha256:f489ae7394a4eceb24fb702901483c67a5b4fff605f19d5e2545e3a6778e1280 +generated: "2024-03-05T15:53:43.135308944+01:00" diff --git a/bitnami/tomcat/Chart.yaml b/bitnami/tomcat/Chart.yaml index 606d2308ea..8101af5830 100644 --- a/bitnami/tomcat/Chart.yaml +++ b/bitnami/tomcat/Chart.yaml @@ -35,4 +35,4 @@ maintainers: name: tomcat sources: - https://github.com/bitnami/charts/tree/main/bitnami/tomcat -version: 10.16.2 +version: 10.17.0 diff --git a/bitnami/tomcat/README.md b/bitnami/tomcat/README.md index 558447c2ea..37a7580ad1 100644 --- a/bitnami/tomcat/README.md +++ b/bitnami/tomcat/README.md @@ -59,11 +59,12 @@ The command removes all the Kubernetes components associated with the chart and ### Global parameters -| Name | Description | Value | -| ------------------------- | ----------------------------------------------- | ----- | -| `global.imageRegistry` | Global Docker image registry | `""` | -| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` | -| `global.storageClass` | Global StorageClass for Persistent Volume(s) | `""` | +| Name | Description | Value | +| ----------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------- | +| `global.imageRegistry` | Global Docker image registry | `""` | +| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` | +| `global.storageClass` | Global StorageClass for Persistent Volume(s) | `""` | +| `global.compatibility.openshift.adaptSecurityContext` | Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation) | `disabled` | ### Common parameters diff --git a/bitnami/tomcat/templates/_pod.tpl b/bitnami/tomcat/templates/_pod.tpl index 81d81f8625..0944cb68b0 100644 --- a/bitnami/tomcat/templates/_pod.tpl +++ b/bitnami/tomcat/templates/_pod.tpl @@ -32,7 +32,7 @@ nodeSelector: {{- include "common.tplvalues.render" ( dict "value" .Values.nodeS tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.tolerations "context" .) | nindent 2 }} {{- end }} {{- if .Values.podSecurityContext.enabled }} -securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 2 }} +securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.podSecurityContext "context" $) | nindent 2 }} {{- end }} {{- if .Values.topologySpreadConstraints }} topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.topologySpreadConstraints "context" $) | nindent 2 }} @@ -66,7 +66,7 @@ containers: image: {{ template "tomcat.image" . }} imagePullPolicy: {{ .Values.image.pullPolicy | quote }} {{- if .Values.containerSecurityContext.enabled }} - securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 6 }} + securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.containerSecurityContext "context" $) | nindent 6 }} {{- end }} {{- if .Values.command }} command: {{- include "common.tplvalues.render" (dict "value" .Values.command "context" $) | nindent 6 }} @@ -158,7 +158,7 @@ containers: image: {{ template "tomcat.metrics.jmx.image" . }} imagePullPolicy: {{ .Values.metrics.jmx.image.pullPolicy | quote }} {{- if .Values.metrics.jmx.containerSecurityContext.enabled }} - securityContext: {{- omit .Values.metrics.jmx.containerSecurityContext "enabled" | toYaml | nindent 12 }} + securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.metrics.jmx.containerSecurityContext "context" $) | nindent 12 }} {{- end }} command: - java diff --git a/bitnami/tomcat/values.yaml b/bitnami/tomcat/values.yaml index ec751e210b..5b5ea0b075 100644 --- a/bitnami/tomcat/values.yaml +++ b/bitnami/tomcat/values.yaml @@ -19,6 +19,15 @@ global: ## imagePullSecrets: [] storageClass: "" + ## Compatibility adaptations for Kubernetes platforms + ## + compatibility: + ## Compatibility adaptations for Openshift + ## + openshift: + ## @param global.compatibility.openshift.adaptSecurityContext Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation) + ## + adaptSecurityContext: disabled ## @section Common parameters ##