From 8bcba2d7b7910e3e36e9664df3be416b4f1df3b4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Javier=20J=2E=20Salmer=C3=B3n-Garc=C3=ADa?= Date: Wed, 6 Mar 2024 10:08:08 +0100 Subject: [PATCH] [bitnami/moodle] feat: :sparkles: :lock: Add automatic adaptation for Openshift restricted-v2 SCC (#24126) Signed-off-by: Javier Salmeron Garcia --- bitnami/moodle/Chart.lock | 6 +++--- bitnami/moodle/Chart.yaml | 2 +- bitnami/moodle/README.md | 11 ++++++----- bitnami/moodle/templates/deployment.yaml | 4 ++-- bitnami/moodle/values.yaml | 9 +++++++++ 5 files changed, 21 insertions(+), 11 deletions(-) diff --git a/bitnami/moodle/Chart.lock b/bitnami/moodle/Chart.lock index aad875853a..695690c398 100644 --- a/bitnami/moodle/Chart.lock +++ b/bitnami/moodle/Chart.lock @@ -4,6 +4,6 @@ dependencies: version: 15.2.3 - name: common repository: oci://registry-1.docker.io/bitnamicharts - version: 2.16.1 -digest: sha256:aa458dbf23d5ef02fcef95f38e53da0a1891b5aa4ca1564c8c057c30a147865a -generated: "2024-02-21T14:20:46.767407621Z" + version: 2.18.0 +digest: sha256:36b99a6536d40d96d4c809ef7082c57d4c54b2fffc824e977d271c85a43e7d4c +generated: "2024-03-05T14:58:33.073151093+01:00" diff --git a/bitnami/moodle/Chart.yaml b/bitnami/moodle/Chart.yaml index bc90ed2bb4..91971e5446 100644 --- a/bitnami/moodle/Chart.yaml +++ b/bitnami/moodle/Chart.yaml @@ -36,4 +36,4 @@ maintainers: name: moodle sources: - https://github.com/bitnami/charts/tree/main/bitnami/moodle -version: 20.4.2 +version: 20.5.0 diff --git a/bitnami/moodle/README.md b/bitnami/moodle/README.md index 9680f46f16..1ff80e4aa3 100644 --- a/bitnami/moodle/README.md +++ b/bitnami/moodle/README.md @@ -59,11 +59,12 @@ The command removes all the Kubernetes components associated with the chart and ### Global parameters -| Name | Description | Value | -| ------------------------- | ----------------------------------------------- | ----- | -| `global.imageRegistry` | Global Docker image registry | `""` | -| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` | -| `global.storageClass` | Global StorageClass for Persistent Volume(s) | `""` | +| Name | Description | Value | +| ----------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------- | +| `global.imageRegistry` | Global Docker image registry | `""` | +| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` | +| `global.storageClass` | Global StorageClass for Persistent Volume(s) | `""` | +| `global.compatibility.openshift.adaptSecurityContext` | Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation) | `disabled` | ### Common parameters diff --git a/bitnami/moodle/templates/deployment.yaml b/bitnami/moodle/templates/deployment.yaml index 231c217441..bfdbfef258 100644 --- a/bitnami/moodle/templates/deployment.yaml +++ b/bitnami/moodle/templates/deployment.yaml @@ -33,7 +33,7 @@ spec: spec: {{- include "moodle.imagePullSecrets" . | nindent 6 }} {{- if .Values.podSecurityContext.enabled }} - securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }} + securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.podSecurityContext "context" $) | nindent 8 }} {{- end }} serviceAccountName: {{ include "moodle.serviceAccountName" . }} automountServiceAccountToken: {{ .Values.automountServiceAccountToken }} @@ -150,7 +150,7 @@ spec: args: {{- include "common.tplvalues.render" (dict "value" .Values.args "context" $) | nindent 12 }} {{- end }} {{- if .Values.containerSecurityContext.enabled }} - securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} + securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.containerSecurityContext "context" $) | nindent 12 }} {{- end }} env: - name: BITNAMI_DEBUG diff --git a/bitnami/moodle/values.yaml b/bitnami/moodle/values.yaml index b407886193..7ffe2800ff 100644 --- a/bitnami/moodle/values.yaml +++ b/bitnami/moodle/values.yaml @@ -18,6 +18,15 @@ global: ## imagePullSecrets: [] storageClass: "" + ## Compatibility adaptations for Kubernetes platforms + ## + compatibility: + ## Compatibility adaptations for Openshift + ## + openshift: + ## @param global.compatibility.openshift.adaptSecurityContext Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation) + ## + adaptSecurityContext: disabled ## @section Common parameters ## @param kubeVersion Force target Kubernetes version (using Helm capabilities if not set)