mirror of
https://github.com/bitnami/charts.git
synced 2026-03-01 15:07:34 +08:00
[bitnami/rabbitmq] feat: ✨ Add support for PSA restricted policy (#20367)
* [bitnami/rabbitmq] feat: ✨ Add support for PSA restricted policy

Signed-off-by: Javier Salmeron Garcia <jsalmeron@vmware.com>

* chore: 🔧 Move seccompProfile

Signed-off-by: Javier Salmeron Garcia <jsalmeron@vmware.com>

* chore: ⏪ Revert values.schema.json

Signed-off-by: Javier Salmeron Garcia <jsalmeron@vmware.com>

---------

Signed-off-by: Javier Salmeron Garcia <jsalmeron@vmware.com>
committed by GitHub
parent 6faa83c856
commit 7fa78edaee
@@ -30,4 +30,4 @@ maintainers:
|
||||
name: rabbitmq
|
||||
sources:
|
||||
- https://github.com/bitnami/charts/tree/main/bitnami/rabbitmq
|
||||
version: 12.2.5
|
||||
version: 12.3.0
|
||||
|
||||
@@ -191,59 +191,62 @@ The command removes all the Kubernetes components associated with the chart and
|
||||
|
||||
### Statefulset parameters
|
||||
|
||||
| Name | Description | Value |
|
||||
| --------------------------------------- | ------------------------------------------------------------------------------------------------------------------------ | --------------- |
|
||||
| `replicaCount` | Number of RabbitMQ replicas to deploy | `1` |
|
||||
| `schedulerName` | Use an alternate scheduler, e.g. "stork". | `""` |
|
||||
| `podManagementPolicy` | Pod management policy | `OrderedReady` |
|
||||
| `podLabels` | RabbitMQ Pod labels. Evaluated as a template | `{}` |
|
||||
| `podAnnotations` | RabbitMQ Pod annotations. Evaluated as a template | `{}` |
|
||||
| `updateStrategy.type` | Update strategy type for RabbitMQ statefulset | `RollingUpdate` |
|
||||
| `statefulsetLabels` | RabbitMQ statefulset labels. Evaluated as a template | `{}` |
|
||||
| `statefulsetAnnotations` | RabbitMQ statefulset annotations. Evaluated as a template | `{}` |
|
||||
| `priorityClassName` | Name of the priority class to be used by RabbitMQ pods, priority class needs to be created beforehand | `""` |
|
||||
| `podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
|
||||
| `podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` |
|
||||
| `nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
|
||||
| `nodeAffinityPreset.key` | Node label key to match Ignored if `affinity` is set. | `""` |
|
||||
| `nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set. | `[]` |
|
||||
| `affinity` | Affinity for pod assignment. Evaluated as a template | `{}` |
|
||||
| `nodeSelector` | Node labels for pod assignment. Evaluated as a template | `{}` |
|
||||
| `tolerations` | Tolerations for pod assignment. Evaluated as a template | `[]` |
|
||||
| `topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template | `[]` |
|
||||
| `podSecurityContext.enabled` | Enable RabbitMQ pods' Security Context | `true` |
|
||||
| `podSecurityContext.fsGroup` | Set RabbitMQ pod's Security Context fsGroup | `1001` |
|
||||
| `containerSecurityContext.enabled` | Enabled RabbitMQ containers' Security Context | `true` |
|
||||
| `containerSecurityContext.runAsUser` | Set RabbitMQ containers' Security Context runAsUser | `1001` |
|
||||
| `containerSecurityContext.runAsNonRoot` | Set RabbitMQ container's Security Context runAsNonRoot | `true` |
|
||||
| `resources.limits` | The resources limits for RabbitMQ containers | `{}` |
|
||||
| `resources.requests` | The requested resources for RabbitMQ containers | `{}` |
|
||||
| `livenessProbe.enabled` | Enable livenessProbe | `true` |
|
||||
| `livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `120` |
|
||||
| `livenessProbe.periodSeconds` | Period seconds for livenessProbe | `30` |
|
||||
| `livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `20` |
|
||||
| `livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` |
|
||||
| `livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
|
||||
| `readinessProbe.enabled` | Enable readinessProbe | `true` |
|
||||
| `readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `10` |
|
||||
| `readinessProbe.periodSeconds` | Period seconds for readinessProbe | `30` |
|
||||
| `readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `20` |
|
||||
| `readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` |
|
||||
| `readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
|
||||
| `startupProbe.enabled` | Enable startupProbe | `false` |
|
||||
| `startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `10` |
|
||||
| `startupProbe.periodSeconds` | Period seconds for startupProbe | `30` |
|
||||
| `startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `20` |
|
||||
| `startupProbe.failureThreshold` | Failure threshold for startupProbe | `3` |
|
||||
| `startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
|
||||
| `customLivenessProbe` | Override default liveness probe | `{}` |
|
||||
| `customReadinessProbe` | Override default readiness probe | `{}` |
|
||||
| `customStartupProbe` | Define a custom startup probe | `{}` |
|
||||
| `initContainers` | Add init containers to the RabbitMQ pod | `[]` |
|
||||
| `sidecars` | Add sidecar containers to the RabbitMQ pod | `[]` |
|
||||
| `pdb.create` | Enable/disable a Pod Disruption Budget creation | `false` |
|
||||
| `pdb.minAvailable` | Minimum number/percentage of pods that should remain scheduled | `1` |
|
||||
| `pdb.maxUnavailable` | Maximum number/percentage of pods that may be made unavailable | `""` |
|
||||
| Name | Description | Value |
|
||||
| --------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------ | ---------------- |
|
||||
| `replicaCount` | Number of RabbitMQ replicas to deploy | `1` |
|
||||
| `schedulerName` | Use an alternate scheduler, e.g. "stork". | `""` |
|
||||
| `podManagementPolicy` | Pod management policy | `OrderedReady` |
|
||||
| `podLabels` | RabbitMQ Pod labels. Evaluated as a template | `{}` |
|
||||
| `podAnnotations` | RabbitMQ Pod annotations. Evaluated as a template | `{}` |
|
||||
| `updateStrategy.type` | Update strategy type for RabbitMQ statefulset | `RollingUpdate` |
|
||||
| `statefulsetLabels` | RabbitMQ statefulset labels. Evaluated as a template | `{}` |
|
||||
| `statefulsetAnnotations` | RabbitMQ statefulset annotations. Evaluated as a template | `{}` |
|
||||
| `priorityClassName` | Name of the priority class to be used by RabbitMQ pods, priority class needs to be created beforehand | `""` |
|
||||
| `podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
|
||||
| `podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` |
|
||||
| `nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
|
||||
| `nodeAffinityPreset.key` | Node label key to match Ignored if `affinity` is set. | `""` |
|
||||
| `nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set. | `[]` |
|
||||
| `affinity` | Affinity for pod assignment. Evaluated as a template | `{}` |
|
||||
| `nodeSelector` | Node labels for pod assignment. Evaluated as a template | `{}` |
|
||||
| `tolerations` | Tolerations for pod assignment. Evaluated as a template | `[]` |
|
||||
| `topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template | `[]` |
|
||||
| `podSecurityContext.enabled` | Enable RabbitMQ pods' Security Context | `true` |
|
||||
| `podSecurityContext.fsGroup` | Set RabbitMQ pod's Security Context fsGroup | `1001` |
|
||||
| `containerSecurityContext.enabled` | Enabled RabbitMQ containers' Security Context | `true` |
|
||||
| `containerSecurityContext.runAsUser` | Set RabbitMQ containers' Security Context runAsUser | `1001` |
|
||||
| `containerSecurityContext.runAsNonRoot` | Set RabbitMQ container's Security Context runAsNonRoot | `true` |
|
||||
| `containerSecurityContext.allowPrivilegeEscalation` | Set container's privilege escalation | `false` |
|
||||
| `containerSecurityContext.capabilities.drop` | Set container's Security Context runAsNonRoot | `["ALL"]` |
|
||||
| `containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
|
||||
| `resources.limits` | The resources limits for RabbitMQ containers | `{}` |
|
||||
| `resources.requests` | The requested resources for RabbitMQ containers | `{}` |
|
||||
| `livenessProbe.enabled` | Enable livenessProbe | `true` |
|
||||
| `livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `120` |
|
||||
| `livenessProbe.periodSeconds` | Period seconds for livenessProbe | `30` |
|
||||
| `livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `20` |
|
||||
| `livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` |
|
||||
| `livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
|
||||
| `readinessProbe.enabled` | Enable readinessProbe | `true` |
|
||||
| `readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `10` |
|
||||
| `readinessProbe.periodSeconds` | Period seconds for readinessProbe | `30` |
|
||||
| `readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `20` |
|
||||
| `readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` |
|
||||
| `readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
|
||||
| `startupProbe.enabled` | Enable startupProbe | `false` |
|
||||
| `startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `10` |
|
||||
| `startupProbe.periodSeconds` | Period seconds for startupProbe | `30` |
|
||||
| `startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `20` |
|
||||
| `startupProbe.failureThreshold` | Failure threshold for startupProbe | `3` |
|
||||
| `startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
|
||||
| `customLivenessProbe` | Override default liveness probe | `{}` |
|
||||
| `customReadinessProbe` | Override default readiness probe | `{}` |
|
||||
| `customStartupProbe` | Define a custom startup probe | `{}` |
|
||||
| `initContainers` | Add init containers to the RabbitMQ pod | `[]` |
|
||||
| `sidecars` | Add sidecar containers to the RabbitMQ pod | `[]` |
|
||||
| `pdb.create` | Enable/disable a Pod Disruption Budget creation | `false` |
|
||||
| `pdb.minAvailable` | Minimum number/percentage of pods that should remain scheduled | `1` |
|
||||
| `pdb.maxUnavailable` | Maximum number/percentage of pods that may be made unavailable | `""` |
|
||||
|
||||
### RBAC parameters
|
||||
|
||||
|
||||
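Review bot: in the added README row for `containerSecurityContext.capabilities.drop`, the description reads "Set container's Security Context runAsNonRoot", which is copied from the `runAsNonRoot` row and does not describe the value `["ALL"]`. Suggest something like "List of Linux capabilities to drop from the RabbitMQ container". Anyone reading this table to audit the pod's hardening would otherwise take the row for a duplicate of `runAsNonRoot` and miss that capabilities are being dropped.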
@@ -739,6 +739,9 @@ podSecurityContext:
|
||||
## @param containerSecurityContext.enabled Enabled RabbitMQ containers' Security Context
|
||||
## @param containerSecurityContext.runAsUser Set RabbitMQ containers' Security Context runAsUser
|
||||
## @param containerSecurityContext.runAsNonRoot Set RabbitMQ container's Security Context runAsNonRoot
|
||||
## @param containerSecurityContext.allowPrivilegeEscalation Set container's privilege escalation
|
||||
## @param containerSecurityContext.capabilities.drop Set container's Security Context runAsNonRoot
|
||||
## @param containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
|
||||
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
|
||||
## Example:
|
||||
## containerSecurityContext:
|
||||
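Review bot: the new `@param containerSecurityContext.allowPrivilegeEscalation` comment, "Set container's privilege escalation", does not say which way the boolean works, and the `seccompProfile.type` comment does not name the accepted values. Suggest wording such as "Allow the container process to gain more privileges than its parent process" and listing the Kubernetes profile types (`RuntimeDefault`, `Localhost`, `Unconfined`) next to the seccomp parameter. The `capabilities.drop` comment in this hunk carries the same `runAsNonRoot` text as the README row and should be corrected here as well, so that both places agree.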
@@ -750,6 +753,11 @@ containerSecurityContext:
|
||||
enabled: true
|
||||
runAsUser: 1001
|
||||
runAsNonRoot: true
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop: ["ALL"]
|
||||
seccompProfile:
|
||||
type: "RuntimeDefault"
|
||||
|
||||
## RabbitMQ containers' resource requests and limits
|
||||
## ref: https://kubernetes.io/docs/user-guide/compute-resources/
|
||||
|
||||
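Review bot: the new defaults (`allowPrivilegeEscalation: false`, `capabilities.drop: ["ALL"]`, `seccompProfile.type: "RuntimeDefault"`) are added under `containerSecurityContext`, which the README documents as the RabbitMQ containers' security context, so nothing here covers containers a user supplies through the `initContainers` and `sidecars` values listed in the same README table. Pod Security Admission evaluates every container in the pod, so a release with a user-supplied sidecar that lacks these fields will still be rejected in a namespace enforcing the restricted level. Suggest a comment next to this block stating that user-supplied containers must set the same three fields. Since these values also change the rendered pod spec for existing installs on upgrade, a short upgrade note for users whose custom images depend on added capabilities would help.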