Bitnami/charts
2
0
Fork 0
mirror of https://github.com/bitnami/charts.git synced 2026-03-10 06:57:55 +08:00
Code Issues Packages Projects Releases Wiki Activity

[bitnami/redmine] feat: 🔒 Add automatic adaptation for Openshift restricted-v2 SCC (#24151)

Browse Source 
Signed-off-by: Javier Salmeron Garcia <jsalmeron@vmware.com>
This commit is contained in:
Javier J. Salmerón-García
2024-03-06 10:06:35 +01:00
committed by GitHub
parent 12e0756c39
commit 4e52724a1e
5 changed files with 21 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
bitnami/redmine/Chart.yaml
View File

@@ -43,4 +43,4 @@ maintainers:
name: redmine
sources:
- https://github.com/bitnami/charts/tree/main/bitnami/redmine
version: 27.0.1
version: 27.1.0

11
bitnami/redmine/README.md
View File

@@ -69,11 +69,12 @@ helm install my-release oci://REGISTRY_NAME/REPOSITORY_NAME/redmine --set databa
### Global parameters
| Name | Description | Value |
| ------------------------- | ----------------------------------------------- | ----- |
| `global.imageRegistry` | Global Docker image registry | `""` |
| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` |
| `global.storageClass` | Global StorageClass for Persistent Volume(s) | `""` |
| Name | Description | Value |
| ----------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------- |
| `global.imageRegistry` | Global Docker image registry | `""` |
| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` |
| `global.storageClass` | Global StorageClass for Persistent Volume(s) | `""` |
| `global.compatibility.openshift.adaptSecurityContext` | Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation) | `disabled` |
### Common parameters

4
bitnami/redmine/templates/cronjob.yaml
View File

@@ -35,7 +35,7 @@ spec:
priorityClassName: {{ .Values.mailReceiver.priorityClassName | quote }}
{{- end }}
{{- if .Values.mailReceiver.podSecurityContext.enabled }}
securityContext: {{- omit .Values.mailReceiver.podSecurityContext "enabled" | toYaml | nindent 12 }}
securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.mailReceiver.podSecurityContext "context" $) | nindent 12 }}
{{- end }}
initContainers:
{{- if .Values.mailReceiver.initContainers }}
@@ -60,7 +60,7 @@ spec:
image: {{ template "redmine.image" . }}
imagePullPolicy: {{ .Values.image.pullPolicy | quote }}
{{- if .Values.mailReceiver.containerSecurityContext.enabled }}
securityContext: {{- omit .Values.mailReceiver.containerSecurityContext "enabled" | toYaml | nindent 16 }}
securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.mailReceiver.containerSecurityContext "context" $) | nindent 16 }}
{{- end }}
{{- if .Values.diagnosticMode.enabled }}
command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 16 }}

6
bitnami/redmine/templates/deployment.yaml
View File

@@ -55,7 +55,7 @@ spec:
{{- end }}
serviceAccountName: {{ template "redmine.serviceAccountName" . }}
{{- if .Values.podSecurityContext.enabled }}
securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }}
securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.podSecurityContext "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.terminationGracePeriodSeconds }}
terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }}
@@ -77,7 +77,7 @@ spec:
mkdir -p /bitnami/redmine
find /bitnami/redmine -mindepth 1 -maxdepth 1 -not -name ".snapshot" -not -name "lost+found" | xargs -r chown -R redmine:root
{{- if .Values.volumePermissions.containerSecurityContext.enabled }}
securityContext: {{- omit .Values.volumePermissions.containerSecurityContext "enabled" | toYaml | nindent 12 }}
securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.volumePermissions.containerSecurityContext "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.volumePermissions.resources }}
resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }}
@@ -99,7 +99,7 @@ spec:
lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.lifecycleHooks "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.containerSecurityContext.enabled }}
securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }}
securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.containerSecurityContext "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.diagnosticMode.enabled }}
command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }}

9
bitnami/redmine/values.yaml
View File

@@ -19,6 +19,15 @@ global:
##
imagePullSecrets: []
storageClass: ""
## Compatibility adaptations for Kubernetes platforms
##
compatibility:
## Compatibility adaptations for Openshift
##
openshift:
## @param global.compatibility.openshift.adaptSecurityContext Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation)
##
adaptSecurityContext: disabled
## @section Common parameters
##