[bitnami/concourse] Detect non-standard images (#30872)

* [bitnami/concourse] Detect non-standard images

Signed-off-by: Carlos Rodríguez Hernández <carlosrh@vmware.com>

* Update NOTES.txt

Signed-off-by: Carlos Rodríguez Hernández <carlosrh@vmware.com>

* Update CHANGELOG.md

Signed-off-by: Bitnami Containers <bitnami-bot@vmware.com>

* Update README.md with readme-generator-for-helm

Signed-off-by: Bitnami Containers <bitnami-bot@vmware.com>

---------

Signed-off-by: Carlos Rodríguez Hernández <carlosrh@vmware.com>
Signed-off-by: Bitnami Containers <bitnami-bot@vmware.com>
Co-authored-by: Bitnami Containers <bitnami-bot@vmware.com>

bitnami/concourse/CHANGELOG.md

@@ -1,8 +1,12 @@
 # Changelog
 
-## 5.0.15 (2024-12-05)
+## 5.1.0 (2024-12-10)
 
-* [bitnami/concourse] Release 5.0.15 ([#30792](https://github.com/bitnami/charts/pull/30792))
+* [bitnami/concourse] Detect non-standard images ([#30872](https://github.com/bitnami/charts/pull/30872))
+
+## <small>5.0.15 (2024-12-05)</small>
+
+* [bitnami/concourse] Release 5.0.15 (#30792) ([51f0d05](https://github.com/bitnami/charts/commit/51f0d051baad14130026737253d1184cbddf43c7)), closes [#30792](https://github.com/bitnami/charts/issues/30792)
 
 ## <small>5.0.14 (2024-12-03)</small>
 

bitnami/concourse/Chart.lock

@@ -4,6 +4,6 @@ dependencies:
   version: 16.2.5
 - name: common
   repository: oci://registry-1.docker.io/bitnamicharts
-  version: 2.27.2
-digest: sha256:d9a9e1ad4499a6bfbc96b15508ce23759fd628c33632f4a37265402f2e37ec2d
-generated: "2024-12-04T23:55:57.882734742Z"
+  version: 2.28.0
+digest: sha256:215fbb60b9d4fb862194073350dda488a2124f7f803ef5859a7ce9d75b7bee02
+generated: "2024-12-10T16:52:48.982858+01:00"

bitnami/concourse/Chart.yaml

@@ -37,4 +37,4 @@ maintainers:
 name: concourse
 sources:
 - https://github.com/bitnami/charts/tree/main/bitnami/concourse
-version: 5.0.15
+version: 5.1.0

bitnami/concourse/README.md

@@ -205,6 +205,7 @@ The [Bitnami Concourse](https://github.com/bitnami/containers/tree/main/bitnami/
 | `global.imagePullSecrets`                             | Global Docker registry secret names as an array                                                                                                                                                                                                                                                                                                                     | `[]`       |
 | `global.defaultStorageClass`                          | Global default StorageClass for Persistent Volume(s)                                                                                                                                                                                                                                                                                                                | `""`       |
 | `global.storageClass`                                 | DEPRECATED: use global.defaultStorageClass instead                                                                                                                                                                                                                                                                                                                  | `""`       |
+| `global.security.allowInsecureImages`                 | Allows skipping image verification                                                                                                                                                                                                                                                                                                                                  | `false`    |
 | `global.compatibility.openshift.adaptSecurityContext` | Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation) | `disabled` |
 
 ### Common parameters
@@ -612,6 +613,10 @@ Find more information about how to deal with common errors related to Bitnami's
 
 ## Upgrading
 
+### To 5.1.0
+
+This version introduces image verification for security purposes. To disable it, set `global.security.allowInsecureImages` to `true`. More details at [GitHub issue](https://github.com/bitnami/charts/issues/30850).
+
 ### To 5.0.0
 
 This major updates the PostgreSQL subchart to its newest major, 16.0.0, which uses PostgreSQL 17.x.  Follow the [official instructions](https://www.postgresql.org/docs/17/upgrading.html) to upgrade to 17.x.

bitnami/concourse/templates/NOTES.txt

@@ -170,4 +170,5 @@ To connect to Concourse from outside the cluster, perform the following steps:
 {{- end }}
 {{- include "common.errors.upgrade.passwords.empty" (dict "validationErrors" $passwordValidationErrors "context" $) -}}
 {{- include "common.warnings.resources" (dict "sections" (list "volumePermissions" "web" "worker") "context" $) }}
-{{- include "common.warnings.modifiedImages" (dict "images" (list .Values.image .Values.volumePermissions.image) "context" $) }}
+{{- include "common.warnings.modifiedImages" (dict "images" (list .Values.image .Values.volumePermissions.image) "context" $) }}
+{{- include "common.errors.insecureImages" (dict "images" (list .Values.image .Values.volumePermissions.image) "context" $) }}

bitnami/concourse/values.yaml

@@ -19,6 +19,11 @@ global:
   imagePullSecrets: []
   defaultStorageClass: ""
   storageClass: ""
+  ## Security parameters
+  ##
+  security:
+    ## @param global.security.allowInsecureImages Allows skipping image verification
+    allowInsecureImages: false
   ## Compatibility adaptations for Kubernetes platforms
   ##
   compatibility: