From 4decca8eb92c6f98dce549f9d01d8ef6a191c75d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20H=C3=B6xtermann?= Date: Thu, 18 Jul 2024 10:30:37 +0200 Subject: [PATCH] [bitnami/discourse] fix: :bug: Remove incorrect CHMOD capability (#27982) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * [bitnami/discourse] fix: :bug: Remove incorrect CHMOD capability This fixes up an incomplete fix from 3eb5a5f8240de602890e13d61ba821801395ab3c Signed-off-by: Daniel Höxtermann * Update CHANGELOG.md Signed-off-by: Bitnami Containers * Update README.md with readme-generator-for-helm Signed-off-by: Bitnami Containers --------- Signed-off-by: Daniel Höxtermann Signed-off-by: Bitnami Containers Co-authored-by: Bitnami Containers --- bitnami/discourse/CHANGELOG.md | 8 +++- bitnami/discourse/Chart.yaml | 2 +- bitnami/discourse/README.md | 86 +++++++++++++++++----------------- bitnami/discourse/values.yaml | 2 +- 4 files changed, 51 insertions(+), 47 deletions(-) diff --git a/bitnami/discourse/CHANGELOG.md b/bitnami/discourse/CHANGELOG.md index 8c94f53f0a..b52eea40f9 100644 --- a/bitnami/discourse/CHANGELOG.md +++ b/bitnami/discourse/CHANGELOG.md @@ -1,8 +1,12 @@ # Changelog -## 13.2.11 (2024-07-16) +## 13.2.12 (2024-07-17) -* [bitnami/discourse] Global StorageClass as default value ([#28010](https://github.com/bitnami/charts/pull/28010)) +* [bitnami/discourse] fix: :bug: Remove incorrect CHMOD capability ([#27982](https://github.com/bitnami/charts/pull/27982)) + +## 13.2.11 (2024-07-16) + +* [bitnami/discourse] Global StorageClass as default value (#28010) ([84bce06](https://github.com/bitnami/charts/commit/84bce06012772a0a5c93072e4dd5a64878e54eec)), closes [#28010](https://github.com/bitnami/charts/issues/28010) ## 13.2.10 (2024-07-15) diff --git a/bitnami/discourse/Chart.yaml b/bitnami/discourse/Chart.yaml index 55f6a4b087..8e2c45f171 100644 --- a/bitnami/discourse/Chart.yaml +++ b/bitnami/discourse/Chart.yaml @@ -41,4 +41,4 @@ maintainers: name: discourse sources: - https://github.com/bitnami/charts/tree/main/bitnami/discourse -version: 13.2.11 +version: 13.2.12 diff --git a/bitnami/discourse/README.md b/bitnami/discourse/README.md index d0a4bfac5a..15754b051d 100644 --- a/bitnami/discourse/README.md +++ b/bitnami/discourse/README.md @@ -376,49 +376,49 @@ See the [Parameters](#parameters) section to configure the PVC or to disable per ### Sidekiq container parameters -| Name | Description | Value | -| ----------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------- | -| `sidekiq.command` | Custom command to override image cmd (evaluated as a template) | `["/opt/bitnami/scripts/discourse/entrypoint.sh"]` | -| `sidekiq.args` | Custom args for the custom command (evaluated as a template) | `["/opt/bitnami/scripts/discourse-sidekiq/run.sh"]` | -| `sidekiq.extraEnvVars` | Array with extra environment variables to add Sidekiq pods | `[]` | -| `sidekiq.extraEnvVarsCM` | ConfigMap containing extra environment variables for Sidekiq pods | `""` | -| `sidekiq.extraEnvVarsSecret` | Secret containing extra environment variables (in case of sensitive data) for Sidekiq pods | `""` | -| `sidekiq.livenessProbe.enabled` | Enable livenessProbe on Sidekiq containers | `true` | -| `sidekiq.livenessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | `500` | -| `sidekiq.livenessProbe.periodSeconds` | How often to perform the probe | `10` | -| `sidekiq.livenessProbe.timeoutSeconds` | When the probe times out | `5` | -| `sidekiq.livenessProbe.failureThreshold` | Minimum consecutive failures for the probe | `6` | -| `sidekiq.livenessProbe.successThreshold` | Minimum consecutive successes for the probe | `1` | -| `sidekiq.readinessProbe.enabled` | Enable readinessProbe on Sidekiq containers | `true` | -| `sidekiq.readinessProbe.initialDelaySeconds` | Delay before readiness probe is initiated | `30` | -| `sidekiq.readinessProbe.periodSeconds` | How often to perform the probe | `10` | -| `sidekiq.readinessProbe.timeoutSeconds` | When the probe times out | `5` | -| `sidekiq.readinessProbe.failureThreshold` | Minimum consecutive failures for the probe | `6` | -| `sidekiq.readinessProbe.successThreshold` | Minimum consecutive successes for the probe | `1` | -| `sidekiq.startupProbe.enabled` | Enable startupProbe on Sidekiq containers | `false` | -| `sidekiq.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `60` | -| `sidekiq.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | -| `sidekiq.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` | -| `sidekiq.startupProbe.failureThreshold` | Failure threshold for startupProbe | `15` | -| `sidekiq.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | -| `sidekiq.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | -| `sidekiq.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | -| `sidekiq.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | -| `sidekiq.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if sidekiq.resources is set (sidekiq.resources is recommended for production). | `small` | -| `sidekiq.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | -| `sidekiq.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` | -| `sidekiq.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` | -| `sidekiq.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `0` | -| `sidekiq.containerSecurityContext.runAsGroup` | Set containers' Security Context runAsGroup | `0` | -| `sidekiq.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `false` | -| `sidekiq.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` | -| `sidekiq.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `false` | -| `sidekiq.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` | -| `sidekiq.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` | -| `sidekiq.containerSecurityContext.capabilities.add` | List of capabilities to be added | `["CHOWN","CHMOD","SYS_CHROOT","FOWNER","SETGID","SETUID","DAC_OVERRIDE"]` | -| `sidekiq.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` | -| `sidekiq.lifecycleHooks` | for the Sidekiq container(s) to automate configuration before or after startup | `{}` | -| `sidekiq.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the Sidekiq pods | `[]` | +| Name | Description | Value | +| ----------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------ | +| `sidekiq.command` | Custom command to override image cmd (evaluated as a template) | `["/opt/bitnami/scripts/discourse/entrypoint.sh"]` | +| `sidekiq.args` | Custom args for the custom command (evaluated as a template) | `["/opt/bitnami/scripts/discourse-sidekiq/run.sh"]` | +| `sidekiq.extraEnvVars` | Array with extra environment variables to add Sidekiq pods | `[]` | +| `sidekiq.extraEnvVarsCM` | ConfigMap containing extra environment variables for Sidekiq pods | `""` | +| `sidekiq.extraEnvVarsSecret` | Secret containing extra environment variables (in case of sensitive data) for Sidekiq pods | `""` | +| `sidekiq.livenessProbe.enabled` | Enable livenessProbe on Sidekiq containers | `true` | +| `sidekiq.livenessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | `500` | +| `sidekiq.livenessProbe.periodSeconds` | How often to perform the probe | `10` | +| `sidekiq.livenessProbe.timeoutSeconds` | When the probe times out | `5` | +| `sidekiq.livenessProbe.failureThreshold` | Minimum consecutive failures for the probe | `6` | +| `sidekiq.livenessProbe.successThreshold` | Minimum consecutive successes for the probe | `1` | +| `sidekiq.readinessProbe.enabled` | Enable readinessProbe on Sidekiq containers | `true` | +| `sidekiq.readinessProbe.initialDelaySeconds` | Delay before readiness probe is initiated | `30` | +| `sidekiq.readinessProbe.periodSeconds` | How often to perform the probe | `10` | +| `sidekiq.readinessProbe.timeoutSeconds` | When the probe times out | `5` | +| `sidekiq.readinessProbe.failureThreshold` | Minimum consecutive failures for the probe | `6` | +| `sidekiq.readinessProbe.successThreshold` | Minimum consecutive successes for the probe | `1` | +| `sidekiq.startupProbe.enabled` | Enable startupProbe on Sidekiq containers | `false` | +| `sidekiq.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `60` | +| `sidekiq.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | +| `sidekiq.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` | +| `sidekiq.startupProbe.failureThreshold` | Failure threshold for startupProbe | `15` | +| `sidekiq.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | +| `sidekiq.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | +| `sidekiq.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | +| `sidekiq.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | +| `sidekiq.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if sidekiq.resources is set (sidekiq.resources is recommended for production). | `small` | +| `sidekiq.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | +| `sidekiq.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` | +| `sidekiq.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` | +| `sidekiq.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `0` | +| `sidekiq.containerSecurityContext.runAsGroup` | Set containers' Security Context runAsGroup | `0` | +| `sidekiq.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `false` | +| `sidekiq.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` | +| `sidekiq.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `false` | +| `sidekiq.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` | +| `sidekiq.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` | +| `sidekiq.containerSecurityContext.capabilities.add` | List of capabilities to be added | `["CHOWN","SYS_CHROOT","FOWNER","SETGID","SETUID","DAC_OVERRIDE"]` | +| `sidekiq.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` | +| `sidekiq.lifecycleHooks` | for the Sidekiq container(s) to automate configuration before or after startup | `{}` | +| `sidekiq.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the Sidekiq pods | `[]` | ### Traffic Exposure Parameters diff --git a/bitnami/discourse/values.yaml b/bitnami/discourse/values.yaml index f0d82f297d..0b71c43e2a 100644 --- a/bitnami/discourse/values.yaml +++ b/bitnami/discourse/values.yaml @@ -577,7 +577,7 @@ sidekiq: allowPrivilegeEscalation: false capabilities: drop: ["ALL"] - add: ["CHOWN", "CHMOD", "SYS_CHROOT", "FOWNER", "SETGID", "SETUID", "DAC_OVERRIDE"] + add: ["CHOWN", "SYS_CHROOT", "FOWNER", "SETGID", "SETUID", "DAC_OVERRIDE"] seccompProfile: type: "RuntimeDefault" ## @param sidekiq.lifecycleHooks for the Sidekiq container(s) to automate configuration before or after startup