Bitnami/charts
2
0
Fork 0
mirror of https://github.com/bitnami/charts.git synced 2026-02-27 15:37:06 +08:00
Code Issues Packages Projects Releases Wiki Activity

[bitnami/wavefront-hpa-adapter] Set readOnlyRootFileSystem by default (#9463)

Browse Source 
* [bitnami/wavefront-hpa-adapter] Set readOnlyRootFileSystem by default

Signed-off-by: Miguel A. Cabrera Minagorri <mcabrera@vmware.com>

* [bitnami/wavefront-hpa-adapter] Update components versions

Signed-off-by: Bitnami Containers <containers@bitnami.com>

Co-authored-by: Bitnami Containers <containers@bitnami.com>
This commit is contained in:
Miguel Ángel Cabrera Miñagorri
2022-03-18 17:56:26 +01:00
committed by GitHub
parent 801091d190
commit 90ac517c4b
5 changed files with 82 additions and 79 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
bitnami/wavefront-hpa-adapter/Chart.lock
View File

@@ -1,6 +1,6 @@
dependencies:
- name: common
repository: https://charts.bitnami.com/bitnami
version: 1.11.1
digest: sha256:a000bcd4d4cdd813c67d633b5523b4a4cd478fb95f1cae665d9b0ba5c45b40e2
generated: "2022-02-16T03:34:19.364148394Z"
version: 1.12.0
digest: sha256:7e484480451778c273e7a165dbfaa5594ec1c9a63a114ce9d458626cadd28893
generated: "2022-03-17T13:16:49.778863567Z"

2
bitnami/wavefront-hpa-adapter/Chart.yaml
View File

@@ -25,4 +25,4 @@ maintainers:
name: wavefront-hpa-adapter
sources:
- https://github.com/bitnami/bitnami-docker-wavefront-hpa-adapter
version: 1.0.9
version: 1.1.0

143
bitnami/wavefront-hpa-adapter/README.md
View File

@@ -72,77 +72,78 @@ The command removes all the Kubernetes components associated with the chart and
### Wavefront HPA Adapter for Kubernetes deployment parameters
| Name | Description | Value |
| --------------------------------------- | ----------------------------------------------------------------------------------------- | ------------------------------------ |
| `image.registry` | Adapter image registry | `docker.io` |
| `image.repository` | Adapter image repository | `bitnami/wavefront-hpa-adapter` |
| `image.tag` | Adapter image tag (immutabe tags are recommended) | `0.9.8-scratch-r9` |
| `image.pullPolicy` | Adapter image pull policy | `IfNotPresent` |
| `image.pullSecrets` | Adapter image pull secrets | `[]` |
| `image.debug` | Enable image debug mode | `false` |
| `livenessProbe.enabled` | Enable livenessProbe | `true` |
| `livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `10` |
| `livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` |
| `livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `1` |
| `livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` |
| `livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
| `readinessProbe.enabled` | Enable readinessProbe | `true` |
| `readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `10` |
| `readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` |
| `readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` |
| `readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` |
| `readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
| `startupProbe.enabled` | Enable startupProbe | `false` |
| `startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `10` |
| `startupProbe.periodSeconds` | Period seconds for startupProbe | `10` |
| `startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` |
| `startupProbe.failureThreshold` | Failure threshold for startupProbe | `3` |
| `startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
| `command` | Override default container command (useful when using custom images) | `[]` |
| `args` | Override default container args (useful when using custom images) | `[]` |
| `hostAliases` | Add deployment host aliases | `[]` |
| `resources.limits` | The resources limits for the Adapter container | `{}` |
| `resources.requests` | The requested resourcesc for the Adapter container | `{}` |
| `containerSecurityContext.enabled` | Enabled Adapter containers' Security Context | `true` |
| `containerSecurityContext.runAsUser` | Set Adapter container's Security Context runAsUser | `1001` |
| `containerSecurityContext.runAsNonRoot` | Set Adapter container's Security Context runAsNonRoot | `true` |
| `podSecurityContext.enabled` | Enabled Adapter pods' Security Context | `true` |
| `podSecurityContext.fsGroup` | Set Adapter pod's Security Context fsGroup | `1001` |
| `podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
| `podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` |
| `nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
| `nodeAffinityPreset.key` | Node label key to match. Ignored if `affinity` is set | `""` |
| `nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set | `[]` |
| `affinity` | Affinity for pod assignment | `{}` |
| `nodeSelector` | Node labels for pod assignment | `{}` |
| `tolerations` | Tolerations for pod assignment | `[]` |
| `podLabels` | Extra labels for Adapter pods | `{}` |
| `podAnnotations` | Annotations for Adapter pods | `{}` |
| `priorityClassName` | Adapter pod priority | `""` |
| `lifecycleHooks` | Add lifecycle hooks to the Adapter deployment | `{}` |
| `schedulerName` | Alternative scheduler | `""` |
| `topologySpreadConstraints` | Topology Spread Constraints for pod assignment | `[]` |
| `customLivenessProbe` | Override default liveness probe | `{}` |
| `customReadinessProbe` | Override default readiness probe | `{}` |
| `customStartupProbe` | Override default startup probe | `{}` |
| `updateStrategy.type` | Adapter deployment update strategy | `RollingUpdate` |
| `containerPorts.https` | Adapter container port | `6443` |
| `extraEnvVars` | Add extra environment variables to the Adapter container | `[]` |
| `extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars | `""` |
| `extraEnvVarsSecret` | Name of existing Secret containing extra env vars | `""` |
| `extraVolumes` | Optionally specify extra list of additional volumes for Adapter pods | `[]` |
| `extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for Adapter container(s) | `[]` |
| `initContainers` | Add additional init containers to the Adapter pods | `[]` |
| `sidecars` | Add additional sidecar containers to the Adapter pod | `[]` |
| `adapterMetricPrefix` | Adapter metric `prefix` parameter | `kubernetes` |
| `adapterAPIClientTimeout` | Adapter API timeout | `10s` |
| `adapterMetricRelistInterval` | Adapter metric relist interval | `10m` |
| `adapterLogLevel` | Adapter log level | `info` |
| `adapterRules` | Adapter array of rules | `[]` |
| `adapterSSLCertDir` | Adapter SSL Certs directory | `/etc/ssl/certs` |
| `adapterSSLCertsSecret` | Adapter SSL Certs secret (will use autogenerated if empty) | `""` |
| `wavefront.url` | External Wavefront URL | `https://YOUR_CLUSTER.wavefront.com` |
| `wavefront.token` | External Wavefront Token | `YOUR_API_TOKEN` |
| Name | Description | Value |
| ------------------------------------------------- | ----------------------------------------------------------------------------------------- | ------------------------------------ |
| `image.registry` | Adapter image registry | `docker.io` |
| `image.repository` | Adapter image repository | `bitnami/wavefront-hpa-adapter` |
| `image.tag` | Adapter image tag (immutabe tags are recommended) | `0.9.8-scratch-r14` |
| `image.pullPolicy` | Adapter image pull policy | `IfNotPresent` |
| `image.pullSecrets` | Adapter image pull secrets | `[]` |
| `image.debug` | Enable image debug mode | `false` |
| `livenessProbe.enabled` | Enable livenessProbe | `true` |
| `livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `10` |
| `livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` |
| `livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `1` |
| `livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` |
| `livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
| `readinessProbe.enabled` | Enable readinessProbe | `true` |
| `readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `10` |
| `readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` |
| `readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` |
| `readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` |
| `readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
| `startupProbe.enabled` | Enable startupProbe | `false` |
| `startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `10` |
| `startupProbe.periodSeconds` | Period seconds for startupProbe | `10` |
| `startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` |
| `startupProbe.failureThreshold` | Failure threshold for startupProbe | `3` |
| `startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
| `command` | Override default container command (useful when using custom images) | `[]` |
| `args` | Override default container args (useful when using custom images) | `[]` |
| `hostAliases` | Add deployment host aliases | `[]` |
| `resources.limits` | The resources limits for the Adapter container | `{}` |
| `resources.requests` | The requested resourcesc for the Adapter container | `{}` |
| `containerSecurityContext.enabled` | Enabled Adapter containers' Security Context | `true` |
| `containerSecurityContext.runAsUser` | Set Adapter container's Security Context runAsUser | `1001` |
| `containerSecurityContext.runAsNonRoot` | Set Adapter container's Security Context runAsNonRoot | `true` |
| `containerSecurityContext.readOnlyRootFilesystem` | mount / (root) as a readonly filesystem on Adapter container | `true` |
| `podSecurityContext.enabled` | Enabled Adapter pods' Security Context | `true` |
| `podSecurityContext.fsGroup` | Set Adapter pod's Security Context fsGroup | `1001` |
| `podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
| `podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` |
| `nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
| `nodeAffinityPreset.key` | Node label key to match. Ignored if `affinity` is set | `""` |
| `nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set | `[]` |
| `affinity` | Affinity for pod assignment | `{}` |
| `nodeSelector` | Node labels for pod assignment | `{}` |
| `tolerations` | Tolerations for pod assignment | `[]` |
| `podLabels` | Extra labels for Adapter pods | `{}` |
| `podAnnotations` | Annotations for Adapter pods | `{}` |
| `priorityClassName` | Adapter pod priority | `""` |
| `lifecycleHooks` | Add lifecycle hooks to the Adapter deployment | `{}` |
| `schedulerName` | Alternative scheduler | `""` |
| `topologySpreadConstraints` | Topology Spread Constraints for pod assignment | `[]` |
| `customLivenessProbe` | Override default liveness probe | `{}` |
| `customReadinessProbe` | Override default readiness probe | `{}` |
| `customStartupProbe` | Override default startup probe | `{}` |
| `updateStrategy.type` | Adapter deployment update strategy | `RollingUpdate` |
| `containerPorts.https` | Adapter container port | `6443` |
| `extraEnvVars` | Add extra environment variables to the Adapter container | `[]` |
| `extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars | `""` |
| `extraEnvVarsSecret` | Name of existing Secret containing extra env vars | `""` |
| `extraVolumes` | Optionally specify extra list of additional volumes for Adapter pods | `[]` |
| `extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for Adapter container(s) | `[]` |
| `initContainers` | Add additional init containers to the Adapter pods | `[]` |
| `sidecars` | Add additional sidecar containers to the Adapter pod | `[]` |
| `adapterMetricPrefix` | Adapter metric `prefix` parameter | `kubernetes` |
| `adapterAPIClientTimeout` | Adapter API timeout | `10s` |
| `adapterMetricRelistInterval` | Adapter metric relist interval | `10m` |
| `adapterLogLevel` | Adapter log level | `info` |
| `adapterRules` | Adapter array of rules | `[]` |
| `adapterSSLCertDir` | Adapter SSL Certs directory | `/etc/ssl/certs` |
| `adapterSSLCertsSecret` | Adapter SSL Certs secret (will use autogenerated if empty) | `""` |
| `wavefront.url` | External Wavefront URL | `https://YOUR_CLUSTER.wavefront.com` |
| `wavefront.token` | External Wavefront Token | `YOUR_API_TOKEN` |
### Traffic Exposure Parameters

6
bitnami/wavefront-hpa-adapter/templates/custom-metrics-apiserver-deployment.yaml
View File

@@ -160,10 +160,8 @@ spec:
name: config
readOnly: true
{{- end }}
{{- if .Values.adapterSSLCertsSecret }}
- name: ssl-cert-dirs
mountPath: {{ .Values.adapterSSLCertDir }}
{{- end }}
{{- if .Values.extraVolumeMounts }}
{{- include "common.tplvalues.render" (dict "value" .Values.extraVolumeMounts "context" $) | nindent 12 }}
{{- end }}
@@ -171,10 +169,12 @@ spec:
{{- include "common.tplvalues.render" ( dict "value" .Values.sidecars "context" $) | nindent 8 }}
{{- end }}
volumes:
{{- if .Values.adapterSSLCertsSecret }}
- name: ssl-cert-dirs
{{- if .Values.adapterSSLCertsSecret }}
secret:
secretName: {{ .Values.adapterSSLCertsSecret }}
{{- else }}
emptyDir: {}
{{- end }}
- name: temp-vol
emptyDir: {}

4
bitnami/wavefront-hpa-adapter/values.yaml
View File

@@ -59,7 +59,7 @@ image:
repository: bitnami/wavefront-hpa-adapter
## @param image.tag Adapter image tag (immutabe tags are recommended)
##
tag: 0.9.8-scratch-r14
tag: 0.9.8-scratch-r16
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images
@@ -164,11 +164,13 @@ resources:
## @param containerSecurityContext.enabled Enabled Adapter containers' Security Context
## @param containerSecurityContext.runAsUser Set Adapter container's Security Context runAsUser
## @param containerSecurityContext.runAsNonRoot Set Adapter container's Security Context runAsNonRoot
## @param containerSecurityContext.readOnlyRootFilesystem mount / (root) as a readonly filesystem on Adapter container
##
containerSecurityContext:
enabled: true
runAsUser: 1001
runAsNonRoot: true
readOnlyRootFilesystem: true
## wavefront-hpa-adapter pods' Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod