diff --git a/bitnami/rabbitmq/Chart.yaml b/bitnami/rabbitmq/Chart.yaml index 281ecc56a1..5f9f75ebb8 100644 --- a/bitnami/rabbitmq/Chart.yaml +++ b/bitnami/rabbitmq/Chart.yaml @@ -30,4 +30,4 @@ maintainers: name: rabbitmq sources: - https://github.com/bitnami/charts/tree/main/bitnami/rabbitmq -version: 12.2.5 +version: 12.3.0 diff --git a/bitnami/rabbitmq/README.md b/bitnami/rabbitmq/README.md index 6fe0eeb918..804cddef63 100644 --- a/bitnami/rabbitmq/README.md +++ b/bitnami/rabbitmq/README.md 
@@ -191,59 +191,62 @@ The command removes all the Kubernetes components associated with the chart and ### Statefulset parameters -| Name | Description | Value | -| --------------------------------------- | ------------------------------------------------------------------------------------------------------------------------ | --------------- | -| `replicaCount` | Number of RabbitMQ replicas to deploy | `1` | -| `schedulerName` | Use an alternate scheduler, e.g. "stork". | `""` | -| `podManagementPolicy` | Pod management policy | `OrderedReady` | -| `podLabels` | RabbitMQ Pod labels. Evaluated as a template | `{}` | -| `podAnnotations` | RabbitMQ Pod annotations. Evaluated as a template | `{}` | -| `updateStrategy.type` | Update strategy type for RabbitMQ statefulset | `RollingUpdate` | -| `statefulsetLabels` | RabbitMQ statefulset labels. Evaluated as a template | `{}` | -| `statefulsetAnnotations` | RabbitMQ statefulset annotations. Evaluated as a template | `{}` | -| `priorityClassName` | Name of the priority class to be used by RabbitMQ pods, priority class needs to be created beforehand | `""` | -| `podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `nodeAffinityPreset.key` | Node label key to match Ignored if `affinity` is set. | `""` | -| `nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set. | `[]` | -| `affinity` | Affinity for pod assignment. Evaluated as a template | `{}` | -| `nodeSelector` | Node labels for pod assignment. Evaluated as a template | `{}` | -| `tolerations` | Tolerations for pod assignment. 
Evaluated as a template | `[]` | -| `topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template | `[]` | -| `podSecurityContext.enabled` | Enable RabbitMQ pods' Security Context | `true` | -| `podSecurityContext.fsGroup` | Set RabbitMQ pod's Security Context fsGroup | `1001` | -| `containerSecurityContext.enabled` | Enabled RabbitMQ containers' Security Context | `true` | -| `containerSecurityContext.runAsUser` | Set RabbitMQ containers' Security Context runAsUser | `1001` | -| `containerSecurityContext.runAsNonRoot` | Set RabbitMQ container's Security Context runAsNonRoot | `true` | -| `resources.limits` | The resources limits for RabbitMQ containers | `{}` | -| `resources.requests` | The requested resources for RabbitMQ containers | `{}` | -| `livenessProbe.enabled` | Enable livenessProbe | `true` | -| `livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `120` | -| `livenessProbe.periodSeconds` | Period seconds for livenessProbe | `30` | -| `livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `20` | -| `livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` | -| `livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `readinessProbe.enabled` | Enable readinessProbe | `true` | -| `readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `10` | -| `readinessProbe.periodSeconds` | Period seconds for readinessProbe | `30` | -| `readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `20` | -| `readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` | -| `readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `startupProbe.enabled` | Enable startupProbe | `false` | -| `startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `10` | -| `startupProbe.periodSeconds` | Period seconds for 
startupProbe | `30` | -| `startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `20` | -| `startupProbe.failureThreshold` | Failure threshold for startupProbe | `3` | -| `startupProbe.successThreshold` | Success threshold for startupProbe | `1` | -| `customLivenessProbe` | Override default liveness probe | `{}` | -| `customReadinessProbe` | Override default readiness probe | `{}` | -| `customStartupProbe` | Define a custom startup probe | `{}` | -| `initContainers` | Add init containers to the RabbitMQ pod | `[]` | -| `sidecars` | Add sidecar containers to the RabbitMQ pod | `[]` | -| `pdb.create` | Enable/disable a Pod Disruption Budget creation | `false` | -| `pdb.minAvailable` | Minimum number/percentage of pods that should remain scheduled | `1` | -| `pdb.maxUnavailable` | Maximum number/percentage of pods that may be made unavailable | `""` | +| Name | Description | Value | +| --------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------ | ---------------- | +| `replicaCount` | Number of RabbitMQ replicas to deploy | `1` | +| `schedulerName` | Use an alternate scheduler, e.g. "stork". | `""` | +| `podManagementPolicy` | Pod management policy | `OrderedReady` | +| `podLabels` | RabbitMQ Pod labels. Evaluated as a template | `{}` | +| `podAnnotations` | RabbitMQ Pod annotations. Evaluated as a template | `{}` | +| `updateStrategy.type` | Update strategy type for RabbitMQ statefulset | `RollingUpdate` | +| `statefulsetLabels` | RabbitMQ statefulset labels. Evaluated as a template | `{}` | +| `statefulsetAnnotations` | RabbitMQ statefulset annotations. Evaluated as a template | `{}` | +| `priorityClassName` | Name of the priority class to be used by RabbitMQ pods, priority class needs to be created beforehand | `""` | +| `podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. 
Allowed values: `soft` or `hard` | `""` | +| `podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` | +| `nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `nodeAffinityPreset.key` | Node label key to match Ignored if `affinity` is set. | `""` | +| `nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set. | `[]` | +| `affinity` | Affinity for pod assignment. Evaluated as a template | `{}` | +| `nodeSelector` | Node labels for pod assignment. Evaluated as a template | `{}` | +| `tolerations` | Tolerations for pod assignment. Evaluated as a template | `[]` | +| `topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template | `[]` | +| `podSecurityContext.enabled` | Enable RabbitMQ pods' Security Context | `true` | +| `podSecurityContext.fsGroup` | Set RabbitMQ pod's Security Context fsGroup | `1001` | +| `containerSecurityContext.enabled` | Enabled RabbitMQ containers' Security Context | `true` | +| `containerSecurityContext.runAsUser` | Set RabbitMQ containers' Security Context runAsUser | `1001` | +| `containerSecurityContext.runAsNonRoot` | Set RabbitMQ container's Security Context runAsNonRoot | `true` | +| `containerSecurityContext.allowPrivilegeEscalation` | Set container's privilege escalation | `false` | +| `containerSecurityContext.capabilities.drop` | Set container's Security Context runAsNonRoot | `["ALL"]` | +| `containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` | +| `resources.limits` | The resources limits for RabbitMQ containers | `{}` | +| `resources.requests` | The requested resources for RabbitMQ containers | `{}` | +| `livenessProbe.enabled` | Enable livenessProbe | `true` | +| `livenessProbe.initialDelaySeconds` | Initial 
delay seconds for livenessProbe | `120` | +| `livenessProbe.periodSeconds` | Period seconds for livenessProbe | `30` | +| `livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `20` | +| `livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` | +| `livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | +| `readinessProbe.enabled` | Enable readinessProbe | `true` | +| `readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `10` | +| `readinessProbe.periodSeconds` | Period seconds for readinessProbe | `30` | +| `readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `20` | +| `readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` | +| `readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | +| `startupProbe.enabled` | Enable startupProbe | `false` | +| `startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `10` | +| `startupProbe.periodSeconds` | Period seconds for startupProbe | `30` | +| `startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `20` | +| `startupProbe.failureThreshold` | Failure threshold for startupProbe | `3` | +| `startupProbe.successThreshold` | Success threshold for startupProbe | `1` | +| `customLivenessProbe` | Override default liveness probe | `{}` | +| `customReadinessProbe` | Override default readiness probe | `{}` | +| `customStartupProbe` | Define a custom startup probe | `{}` | +| `initContainers` | Add init containers to the RabbitMQ pod | `[]` | +| `sidecars` | Add sidecar containers to the RabbitMQ pod | `[]` | +| `pdb.create` | Enable/disable a Pod Disruption Budget creation | `false` | +| `pdb.minAvailable` | Minimum number/percentage of pods that should remain scheduled | `1` | +| `pdb.maxUnavailable` | Maximum number/percentage of pods that may be made unavailable | `""` | ### RBAC parameters 
diff --git a/bitnami/rabbitmq/values.yaml b/bitnami/rabbitmq/values.yaml index 53784d496f..ea507e5561 100644 --- a/bitnami/rabbitmq/values.yaml +++ b/bitnami/rabbitmq/values.yaml @@ -739,6 +739,9 @@ podSecurityContext: ## @param containerSecurityContext.enabled Enabled RabbitMQ containers' Security Context ## @param containerSecurityContext.runAsUser Set RabbitMQ containers' Security Context runAsUser ## @param containerSecurityContext.runAsNonRoot Set RabbitMQ container's Security Context runAsNonRoot +## @param containerSecurityContext.allowPrivilegeEscalation Set container's privilege escalation +## @param containerSecurityContext.capabilities.drop Set container's Security Context runAsNonRoot +## @param containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container ## Example: ## containerSecurityContext: @@ -750,6 +753,11 @@ containerSecurityContext: enabled: true runAsUser: 1001 runAsNonRoot: true + allowPrivilegeEscalation: false + capabilities: + drop: ["ALL"] + seccompProfile: + type: "RuntimeDefault" ## RabbitMQ containers' resource requests and limits ## ref: https://kubernetes.io/docs/user-guide/compute-resources/
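Review bot: The description for `containerSecurityContext.capabilities.drop` is wrong in the new README.md table row: it reads "Set container's Security Context runAsNonRoot", copied from the `runAsNonRoot` row above it. The same text is on the matching `## @param containerSecurityContext.capabilities.drop` line in the first values.yaml hunk, so correct both, for example to "List of capabilities to be dropped". The `allowPrivilegeEscalation` description ("Set container's privilege escalation") would also read better if it named the field, in line with the neighbouring rows: "Set container's Security Context allowPrivilegeEscalation".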
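Review bot: Missing upgrade documentation for the new defaults in the second values.yaml hunk (`allowPrivilegeEscalation: false`, `drop: ["ALL"]`, `type: "RuntimeDefault"`): they take effect on every release that keeps `containerSecurityContext.enabled: true`, but the README.md hunk only adds parameter table rows. Please add a short upgrade note for 12.3.0 stating that the RabbitMQ container now runs with all capabilities dropped, no privilege escalation and the runtime's default seccomp profile, and naming the three keys to override for workloads that depended on the previous behaviour. Also confirm that the chart's minimum supported Kubernetes version accepts `seccompProfile` in the container `securityContext` (the field is available from Kubernetes 1.19), since older clusters would otherwise need to unset this value.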