diff --git a/bitnami/concourse/Chart.lock b/bitnami/concourse/Chart.lock index 6f36ef47d9..844b9e97fa 100644 --- a/bitnami/concourse/Chart.lock +++ b/bitnami/concourse/Chart.lock @@ -4,6 +4,6 @@ dependencies: version: 13.4.6 - name: common repository: oci://registry-1.docker.io/bitnamicharts - version: 2.16.1 -digest: sha256:de057c4c51c604d9a1f4357bd79af2569b414d4dea12ab0dc35e6a11ea019781 -generated: "2024-02-21T12:15:40.096840522Z" + version: 2.18.0 +digest: sha256:09954cc1b028d4f128cfdab68dc4ae7c3247157afa5917ae7bf28288dfe6e556 +generated: "2024-03-05T13:32:22.580906166+01:00" diff --git a/bitnami/concourse/Chart.yaml b/bitnami/concourse/Chart.yaml index 179f7d7330..d23795b654 100644 --- a/bitnami/concourse/Chart.yaml +++ b/bitnami/concourse/Chart.yaml @@ -37,4 +37,4 @@ maintainers: name: concourse sources: - https://github.com/bitnami/charts/tree/main/bitnami/concourse -version: 3.6.0 +version: 3.7.0 diff --git a/bitnami/concourse/README.md b/bitnami/concourse/README.md index db88951ed9..8aadc03361 100644 --- a/bitnami/concourse/README.md +++ b/bitnami/concourse/README.md @@ -57,11 +57,12 @@ The command removes all the Kubernetes components associated with the chart and ### Global parameters -| Name | Description | Value | -| ------------------------- | ----------------------------------------------- | ----- | -| `global.imageRegistry` | Global Docker image registry | `""` | -| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` | -| `global.storageClass` | Global StorageClass for Persistent Volume(s) | `""` | +| Name | Description | Value | +| ----------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------- | +| `global.imageRegistry` | Global Docker image registry | `""` | +| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` | +| `global.storageClass` | Global StorageClass for Persistent Volume(s) | `""` | +| `global.compatibility.openshift.adaptSecurityContext` | Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation) | `disabled` | ### Common parameters diff --git a/bitnami/concourse/templates/web/deployment.yaml b/bitnami/concourse/templates/web/deployment.yaml index 20ac6c63fe..052e76b2af 100644 --- a/bitnami/concourse/templates/web/deployment.yaml +++ b/bitnami/concourse/templates/web/deployment.yaml @@ -63,7 +63,7 @@ spec: terminationGracePeriodSeconds: {{ .Values.web.terminationGracePeriodSeconds }} {{- end }} {{- if .Values.web.podSecurityContext.enabled }} - securityContext: {{- omit .Values.web.podSecurityContext "enabled" | toYaml | nindent 8 }} + securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.web.podSecurityContext "context" $) | nindent 8 }} {{- end }} serviceAccountName: {{ template "concourse.web.serviceAccountName" . }} initContainers: @@ -101,7 +101,7 @@ spec: info "Connected to the PostgreSQL instance" fi {{- if .Values.web.containerSecurityContext.enabled }} - securityContext: {{- omit .Values.web.containerSecurityContext "enabled" | toYaml | nindent 12 }} + securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.web.containerSecurityContext "context" $) | nindent 12 }} {{- end }} env: - name: POSTGRESQL_CLIENT_DATABASE_HOST @@ -151,7 +151,7 @@ spec: lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.web.lifecycleHooks "context" $) | nindent 12 }} {{- end }} {{- if .Values.web.containerSecurityContext.enabled }} - securityContext: {{- omit .Values.web.containerSecurityContext "enabled" | toYaml | nindent 12 }} + securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.web.containerSecurityContext "context" $) | nindent 12 }} {{- end }} {{- if .Values.diagnosticMode.enabled }} command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} diff --git a/bitnami/concourse/templates/worker/deployment.yaml b/bitnami/concourse/templates/worker/deployment.yaml index 09daa1e6ca..b3b06119ad 100644 --- a/bitnami/concourse/templates/worker/deployment.yaml +++ b/bitnami/concourse/templates/worker/deployment.yaml @@ -65,7 +65,7 @@ spec: terminationGracePeriodSeconds: {{ .Values.worker.terminationGracePeriodSeconds }} {{- end }} {{- if .Values.worker.podSecurityContext.enabled }} - securityContext: {{- omit .Values.worker.podSecurityContext "enabled" | toYaml | nindent 8 }} + securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.worker.podSecurityContext "context" $) | nindent 8 }} {{- end }} initContainers: {{- if .Values.worker.initContainers }} @@ -79,7 +79,7 @@ spec: lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.worker.lifecycleHooks "context" $) | nindent 12 }} {{- end }} {{- if .Values.worker.containerSecurityContext.enabled }} - securityContext: {{- omit .Values.worker.containerSecurityContext "enabled" | toYaml | nindent 12 }} + securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.worker.containerSecurityContext "context" $) | nindent 12 }} {{- end }} {{- if .Values.diagnosticMode.enabled }} command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} diff --git a/bitnami/concourse/templates/worker/statefulset.yaml b/bitnami/concourse/templates/worker/statefulset.yaml index f99df5df65..5a70251e7a 100644 --- a/bitnami/concourse/templates/worker/statefulset.yaml +++ b/bitnami/concourse/templates/worker/statefulset.yaml @@ -67,7 +67,7 @@ spec: terminationGracePeriodSeconds: {{ .Values.worker.terminationGracePeriodSeconds }} {{- end }} {{- if .Values.worker.podSecurityContext.enabled }} - securityContext: {{- omit .Values.worker.podSecurityContext "enabled" | toYaml | nindent 8 }} + securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.worker.podSecurityContext "context" $) | nindent 8 }} {{- end }} initContainers: {{- if and .Values.volumePermissions.enabled .Values.worker.persistence.enabled }} @@ -82,7 +82,7 @@ spec: mkdir -p /bitnami/concourse find /bitnami/concourse -mindepth 1 -maxdepth 1 -not -name ".snapshot" -not -name "lost+found" | xargs -r chown -R {{ .Values.worker.containerSecurityContext.runAsUser }}:{{ .Values.worker.podSecurityContext.fsGroup }} {{- if .Values.worker.containerSecurityContext.enabled }} - securityContext: {{- omit .Values.worker.containerSecurityContext "enabled" | toYaml | nindent 12 }} + securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.worker.containerSecurityContext "context" $) | nindent 12 }} {{- end }} {{- if .Values.volumePermissions.resources }} resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }} @@ -104,7 +104,7 @@ spec: lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.worker.lifecycleHooks "context" $) | nindent 12 }} {{- end }} {{- if .Values.worker.containerSecurityContext.enabled }} - securityContext: {{- omit .Values.worker.containerSecurityContext "enabled" | toYaml | nindent 12 }} + securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.worker.containerSecurityContext "context" $) | nindent 12 }} {{- end }} {{- if .Values.diagnosticMode.enabled }} command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} diff --git a/bitnami/concourse/values.yaml b/bitnami/concourse/values.yaml index 4cb028cccc..da075d7294 100644 --- a/bitnami/concourse/values.yaml +++ b/bitnami/concourse/values.yaml @@ -17,6 +17,15 @@ global: ## imagePullSecrets: [] storageClass: "" + ## Compatibility adaptations for Kubernetes platforms + ## + compatibility: + ## Compatibility adaptations for Openshift + ## + openshift: + ## @param global.compatibility.openshift.adaptSecurityContext Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation) + ## + adaptSecurityContext: disabled ## @section Common parameters ## @param kubeVersion Override Kubernetes version