diff --git a/bitnami/mariadb/Chart.yaml b/bitnami/mariadb/Chart.yaml index 93a618a5cc..7bb02d7cfe 100644 --- a/bitnami/mariadb/Chart.yaml +++ b/bitnami/mariadb/Chart.yaml @@ -34,4 +34,4 @@ maintainers: name: mariadb sources: - https://github.com/bitnami/charts/tree/main/bitnami/mariadb -version: 14.0.3 +version: 14.1.0 diff --git a/bitnami/mariadb/README.md b/bitnami/mariadb/README.md index fc325cfa2b..8574fcccc3 100644 --- a/bitnami/mariadb/README.md +++ b/bitnami/mariadb/README.md @@ -143,6 +143,8 @@ The command removes all the Kubernetes components associated with the chart and | `primary.containerSecurityContext.runAsNonRoot` | Set primary container's Security Context runAsNonRoot | `true` | | `primary.containerSecurityContext.privileged` | Set primary container's Security Context privileged | `false` | | `primary.containerSecurityContext.allowPrivilegeEscalation` | Set primary container's Security Context allowPrivilegeEscalation | `false` | +| `primary.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` | +| `primary.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` | | `primary.resources.limits` | The resources limits for MariaDB primary containers | `{}` | | `primary.resources.requests` | The requested resources for MariaDB primary containers | `{}` | | `primary.startupProbe.enabled` | Enable startupProbe | `false` | @@ -237,6 +239,8 @@ The command removes all the Kubernetes components associated with the chart and | `secondary.containerSecurityContext.runAsNonRoot` | Set secondary container's Security Context runAsNonRoot | `true` | | `secondary.containerSecurityContext.privileged` | Set secondary container's Security Context privileged | `false` | | `secondary.containerSecurityContext.allowPrivilegeEscalation` | Set secondary container's Security Context allowPrivilegeEscalation | `false` | +| `secondary.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` | +| `secondary.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` | | `secondary.resources.limits` | The resources limits for MariaDB secondary containers | `{}` | | `secondary.resources.requests` | The requested resources for MariaDB secondary containers | `{}` | | `secondary.startupProbe.enabled` | Enable startupProbe | `false` | @@ -331,8 +335,12 @@ The command removes all the Kubernetes components associated with the chart and | `metrics.extraArgs` | Extra args to be passed to mysqld_exporter | `{}` | | `metrics.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the MariaDB metrics container(s) | `{}` | | `metrics.containerSecurityContext.enabled` | Enable security context for MariaDB metrics container | `false` | +| `metrics.containerSecurityContext.runAsUser` | User ID for the MariaDB metrics container | `1001` | +| `metrics.containerSecurityContext.runAsNonRoot` | Set metrics container's Security Context runAsNonRoot | `true` | | `metrics.containerSecurityContext.privileged` | Set metrics container's Security Context privileged | `false` | | `metrics.containerSecurityContext.allowPrivilegeEscalation` | Set metrics container's Security Context allowPrivilegeEscalation | `false` | +| `metrics.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` | +| `metrics.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` | | `metrics.resources.limits` | The resources limits for MariaDB prometheus exporter containers | `{}` | | `metrics.resources.requests` | The requested resources for MariaDB prometheus exporter containers | `{}` | | `metrics.livenessProbe.enabled` | Enable livenessProbe | `true` | diff --git a/bitnami/mariadb/values.yaml b/bitnami/mariadb/values.yaml index 29f44fe499..779a8456d9 100644 --- a/bitnami/mariadb/values.yaml +++ b/bitnami/mariadb/values.yaml @@ -325,6 +325,8 @@ primary: ## @param primary.containerSecurityContext.runAsNonRoot Set primary container's Security Context runAsNonRoot ## @param primary.containerSecurityContext.privileged Set primary container's Security Context privileged ## @param primary.containerSecurityContext.allowPrivilegeEscalation Set primary container's Security Context allowPrivilegeEscalation + ## @param primary.containerSecurityContext.capabilities.drop List of capabilities to be dropped + ## @param primary.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile ## containerSecurityContext: enabled: true @@ -332,6 +334,10 @@ primary: runAsNonRoot: true privileged: false allowPrivilegeEscalation: false + capabilities: + drop: ["ALL"] + seccompProfile: + type: "RuntimeDefault" ## MariaDB primary container's resource requests and limits ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ ## We usually recommend not to specify default resources and to leave this as a conscious @@ -721,6 +727,8 @@ secondary: ## @param secondary.containerSecurityContext.runAsNonRoot Set secondary container's Security Context runAsNonRoot ## @param secondary.containerSecurityContext.privileged Set secondary container's Security Context privileged ## @param secondary.containerSecurityContext.allowPrivilegeEscalation Set secondary container's Security Context allowPrivilegeEscalation + ## @param secondary.containerSecurityContext.capabilities.drop List of capabilities to be dropped + ## @param secondary.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile ## containerSecurityContext: enabled: true @@ -728,6 +736,10 @@ secondary: runAsNonRoot: true privileged: false allowPrivilegeEscalation: false + capabilities: + drop: ["ALL"] + seccompProfile: + type: "RuntimeDefault" ## MariaDB secondary container's resource requests and limits ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ ## We usually recommend not to specify default resources and to leave this as a conscious @@ -1104,8 +1116,12 @@ metrics: ## MariaDB metrics container Security Context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container ## @param metrics.containerSecurityContext.enabled Enable security context for MariaDB metrics container + ## @param metrics.containerSecurityContext.runAsUser User ID for the MariaDB metrics container + ## @param metrics.containerSecurityContext.runAsNonRoot Set metrics container's Security Context runAsNonRoot ## @param metrics.containerSecurityContext.privileged Set metrics container's Security Context privileged ## @param metrics.containerSecurityContext.allowPrivilegeEscalation Set metrics container's Security Context allowPrivilegeEscalation + ## @param metrics.containerSecurityContext.capabilities.drop List of capabilities to be dropped + ## @param metrics.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile ## Example: ## containerSecurityContext: ## enabled: true @@ -1116,7 +1132,13 @@ metrics: containerSecurityContext: enabled: false privileged: false + runAsNonRoot: true + runAsUser: 1001 allowPrivilegeEscalation: false + capabilities: + drop: ["ALL"] + seccompProfile: + type: "RuntimeDefault" ## Mysqld Prometheus exporter resource requests and limits ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ ## We usually recommend not to specify default resources and to leave this as a conscious