From 3c8ef421a131f3c69c1bf6b95bbae8d1c7ef6b31 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Carlos=20Rodr=C3=ADguez=20Hern=C3=A1ndez?= Date: Tue, 10 Dec 2024 21:21:06 +0100 Subject: [PATCH] [bitnami/mongodb-sharded] Detect non-standard images (#30927) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * [bitnami/mongodb-sharded] Detect non-standard images Signed-off-by: Carlos Rodríguez Hernández * Modify NOTES.txt Signed-off-by: Carlos Rodríguez Hernández * Update CHANGELOG.md Signed-off-by: Bitnami Containers * Update README.md with readme-generator-for-helm Signed-off-by: Bitnami Containers --------- Signed-off-by: Carlos Rodríguez Hernández Signed-off-by: Bitnami Containers Co-authored-by: Bitnami Containers --- bitnami/mongodb-sharded/CHANGELOG.md | 8 ++++++-- bitnami/mongodb-sharded/Chart.lock | 6 +++--- bitnami/mongodb-sharded/Chart.yaml | 2 +- bitnami/mongodb-sharded/README.md | 19 ++++++++++++------- bitnami/mongodb-sharded/templates/NOTES.txt | 3 ++- bitnami/mongodb-sharded/values.yaml | 5 +++++ 6 files changed, 29 insertions(+), 14 deletions(-) diff --git a/bitnami/mongodb-sharded/CHANGELOG.md b/bitnami/mongodb-sharded/CHANGELOG.md index e430db3322..f79059dfec 100644 --- a/bitnami/mongodb-sharded/CHANGELOG.md +++ b/bitnami/mongodb-sharded/CHANGELOG.md @@ -1,8 +1,12 @@ # Changelog -## 9.0.5 (2024-12-06) +## 9.1.0 (2024-12-10) -* [bitnami/mongodb-sharded] Release 9.0.5 ([#30821](https://github.com/bitnami/charts/pull/30821)) +* [bitnami/mongodb-sharded] Detect non-standard images ([#30927](https://github.com/bitnami/charts/pull/30927)) + +## 9.0.5 (2024-12-06) + +* [bitnami/mongodb-sharded] Release 9.0.5 (#30821) ([c926860](https://github.com/bitnami/charts/commit/c926860fff55e3718ed34b0b99b9196fd4331917)), closes [#30821](https://github.com/bitnami/charts/issues/30821) ## 9.0.4 (2024-12-04) diff --git a/bitnami/mongodb-sharded/Chart.lock b/bitnami/mongodb-sharded/Chart.lock index 32f0b54a26..f824d62568 100644 --- a/bitnami/mongodb-sharded/Chart.lock +++ b/bitnami/mongodb-sharded/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: common repository: oci://registry-1.docker.io/bitnamicharts - version: 2.27.2 -digest: sha256:6fd86cc5a4b5094abca1f23c8ec064e75e51eceaded94a5e20977274b2abb576 -generated: "2024-12-04T13:50:49.140629923Z" + version: 2.28.0 +digest: sha256:5b30f0fa07bb89b01c55fd6258c8ce22a611b13623d4ad83e8fdd1d4490adc74 +generated: "2024-12-10T17:16:53.230444+01:00" diff --git a/bitnami/mongodb-sharded/Chart.yaml b/bitnami/mongodb-sharded/Chart.yaml index a535468163..adb64f8185 100644 --- a/bitnami/mongodb-sharded/Chart.yaml +++ b/bitnami/mongodb-sharded/Chart.yaml @@ -35,4 +35,4 @@ maintainers: name: mongodb-sharded sources: - https://github.com/bitnami/charts/tree/main/bitnami/mongodb-sharded -version: 9.0.5 +version: 9.1.0 diff --git a/bitnami/mongodb-sharded/README.md b/bitnami/mongodb-sharded/README.md index c5a36e208c..7ffc6316fa 100644 --- a/bitnami/mongodb-sharded/README.md +++ b/bitnami/mongodb-sharded/README.md @@ -182,13 +182,14 @@ The Bitnami Kibana chart supports mounting extra volumes (either PVCs, secrets o ### Global parameters -| Name | Description | Value | -| ----------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------ | -| `global.imageRegistry` | Global Docker image registry | `""` | -| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` | -| `global.defaultStorageClass` | Global default StorageClass for Persistent Volume(s) | `""` | -| `global.storageClass` | DEPRECATED: use global.defaultStorageClass instead | `""` | -| `global.compatibility.openshift.adaptSecurityContext` | Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation) | `auto` | +| Name | Description | Value | +| ----------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------- | +| `global.imageRegistry` | Global Docker image registry | `""` | +| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` | +| `global.defaultStorageClass` | Global default StorageClass for Persistent Volume(s) | `""` | +| `global.storageClass` | DEPRECATED: use global.defaultStorageClass instead | `""` | +| `global.security.allowInsecureImages` | Allows skipping image verification | `false` | +| `global.compatibility.openshift.adaptSecurityContext` | Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation) | `auto` | ### Common parameters @@ -725,6 +726,10 @@ Find more information about how to deal with common errors related to Bitnami's ## Upgrading +### To 9.1.0 + +This version introduces image verification for security purposes. To disable it, set `global.security.allowInsecureImages` to `true`. More details at [GitHub issue](https://github.com/bitnami/charts/issues/30850). + If authentication is enabled, it's necessary to set the `auth.rootPassword` and `auth.replicaSetKey` when upgrading for readiness/liveness probes to work properly. When you install this chart for the first time, some notes will be displayed providing the credentials you must use. Please note down the password, and run the command below to upgrade your chart: ```console diff --git a/bitnami/mongodb-sharded/templates/NOTES.txt b/bitnami/mongodb-sharded/templates/NOTES.txt index 252df19cd4..cf1fa949dd 100644 --- a/bitnami/mongodb-sharded/templates/NOTES.txt +++ b/bitnami/mongodb-sharded/templates/NOTES.txt @@ -65,4 +65,5 @@ To connect to your database from outside the cluster execute the following comma {{- include "mongodb-sharded.validateValues" . -}} {{- include "mongodb-sharded.checkRollingTags" . -}} {{- include "common.warnings.resources" (dict "sections" (list "configsvr" "metrics" "mongos" "shardsvr.arbiter" "shardsvr.dataNode" "volumePermissions") "context" $) }} -{{- include "common.warnings.modifiedImages" (dict "images" (list .Values.image .Values.volumePermissions.image .Values.metrics.image) "context" $) }} \ No newline at end of file +{{- include "common.warnings.modifiedImages" (dict "images" (list .Values.image .Values.volumePermissions.image .Values.metrics.image) "context" $) }} +{{- include "common.errors.insecureImages" (dict "images" (list .Values.image .Values.volumePermissions.image .Values.metrics.image) "context" $) }} diff --git a/bitnami/mongodb-sharded/values.yaml b/bitnami/mongodb-sharded/values.yaml index 341d639ee4..0e8db25bfe 100644 --- a/bitnami/mongodb-sharded/values.yaml +++ b/bitnami/mongodb-sharded/values.yaml @@ -21,6 +21,11 @@ global: imagePullSecrets: [] defaultStorageClass: "" storageClass: "" + ## Security parameters + ## + security: + ## @param global.security.allowInsecureImages Allows skipping image verification + allowInsecureImages: false ## Compatibility adaptations for Kubernetes platforms ## compatibility: