mirror of
https://github.com/bitnami/charts.git
synced 2026-03-16 06:47:30 +08:00
[bitnami/mastodon] feat!: 🔒 💥 Improve security defaults (#24768)
Signed-off-by: Javier Salmeron Garcia <jsalmeron@vmware.com>
This commit is contained in:
Javier J. Salmerón-García
committed by
GitHub
GitHub
parent
7b5618a5eb
commit
98c278adbd
@@ -1,21 +1,21 @@
|
||||
dependencies:
|
||||
- name: redis
|
||||
repository: oci://registry-1.docker.io/bitnamicharts
|
||||
version: 18.19.2
|
||||
version: 19.0.2
|
||||
- name: postgresql
|
||||
repository: oci://registry-1.docker.io/bitnamicharts
|
||||
version: 13.4.6
|
||||
version: 15.2.0
|
||||
- name: elasticsearch
|
||||
repository: oci://registry-1.docker.io/bitnamicharts
|
||||
version: 19.21.2
|
||||
version: 20.0.1
|
||||
- name: minio
|
||||
repository: oci://registry-1.docker.io/bitnamicharts
|
||||
version: 12.13.2
|
||||
version: 14.1.4
|
||||
- name: apache
|
||||
repository: oci://registry-1.docker.io/bitnamicharts
|
||||
version: 10.9.1
|
||||
version: 11.0.0
|
||||
- name: common
|
||||
repository: oci://registry-1.docker.io/bitnamicharts
|
||||
version: 2.19.0
|
||||
digest: sha256:6948b4c6490745c03147f5482528789f7bd289d66a2811cb0073aaeda89f377a
|
||||
generated: "2024-03-13T11:53:12.753773+01:00"
|
||||
version: 2.19.1
|
||||
digest: sha256:378ef0f934e29e5abd6913e5ce739fe9a7a546e0aae056a930769779279404a2
|
||||
generated: "2024-04-01T16:40:20.594285866+02:00"
|
||||
|
||||
@@ -15,23 +15,23 @@ dependencies:
|
||||
- condition: redis.enabled
|
||||
name: redis
|
||||
repository: oci://registry-1.docker.io/bitnamicharts
|
||||
version: 18.x.x
|
||||
version: 19.x.x
|
||||
- condition: postgresql.enabled
|
||||
name: postgresql
|
||||
repository: oci://registry-1.docker.io/bitnamicharts
|
||||
version: 13.x.x
|
||||
version: 15.x.x
|
||||
- condition: elasticsearch.enabled
|
||||
name: elasticsearch
|
||||
repository: oci://registry-1.docker.io/bitnamicharts
|
||||
version: 19.x.x
|
||||
version: 20.x.x
|
||||
- condition: minio.enabled
|
||||
name: minio
|
||||
repository: oci://registry-1.docker.io/bitnamicharts
|
||||
version: 12.x.x
|
||||
version: 14.x.x
|
||||
- condition: apache.enabled
|
||||
name: apache
|
||||
repository: oci://registry-1.docker.io/bitnamicharts
|
||||
version: 10.x.x
|
||||
version: 11.x.x
|
||||
- name: common
|
||||
repository: oci://registry-1.docker.io/bitnamicharts
|
||||
tags:
|
||||
@@ -49,4 +49,4 @@ maintainers:
|
||||
name: mastodon
|
||||
sources:
|
||||
- https://github.com/bitnami/charts/tree/main/bitnami/mastodon
|
||||
version: 4.7.3
|
||||
version: 5.0.0
|
||||
|
||||
@@ -223,12 +223,12 @@ The [Bitnami mastodon](https://github.com/bitnami/containers/tree/main/bitnami/m
|
||||
|
||||
### Global parameters
|
||||
|
||||
| Name | Description | Value |
|
||||
| ----------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------- |
|
||||
| `global.imageRegistry` | Global Docker image registry | `""` |
|
||||
| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` |
|
||||
| `global.storageClass` | Global StorageClass for Persistent Volume(s) | `""` |
|
||||
| `global.compatibility.openshift.adaptSecurityContext` | Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation) | `disabled` |
|
||||
| Name | Description | Value |
|
||||
| ----------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------ |
|
||||
| `global.imageRegistry` | Global Docker image registry | `""` |
|
||||
| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` |
|
||||
| `global.storageClass` | Global StorageClass for Persistent Volume(s) | `""` |
|
||||
| `global.compatibility.openshift.adaptSecurityContext` | Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation) | `auto` |
|
||||
|
||||
### Common parameters
|
||||
|
||||
@@ -324,7 +324,7 @@ The [Bitnami mastodon](https://github.com/bitnami/containers/tree/main/bitnami/m
|
||||
| `web.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` |
|
||||
| `web.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` |
|
||||
| `web.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` |
|
||||
| `web.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if web.resources is set (web.resources is recommended for production). | `none` |
|
||||
| `web.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if web.resources is set (web.resources is recommended for production). | `small` |
|
||||
| `web.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` |
|
||||
| `web.podSecurityContext.enabled` | Enabled Mastodon web pods' Security Context | `true` |
|
||||
| `web.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` |
|
||||
@@ -334,10 +334,10 @@ The [Bitnami mastodon](https://github.com/bitnami/containers/tree/main/bitnami/m
|
||||
| `web.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` |
|
||||
| `web.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` |
|
||||
| `web.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` |
|
||||
| `web.containerSecurityContext.runAsGroup` | Set containers' Security Context runAsGroup | `0` |
|
||||
| `web.containerSecurityContext.runAsGroup` | Set containers' Security Context runAsGroup | `1001` |
|
||||
| `web.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` |
|
||||
| `web.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` |
|
||||
| `web.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `false` |
|
||||
| `web.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `true` |
|
||||
| `web.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` |
|
||||
| `web.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
|
||||
| `web.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
|
||||
@@ -418,7 +418,7 @@ The [Bitnami mastodon](https://github.com/bitnami/containers/tree/main/bitnami/m
|
||||
| `sidekiq.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` |
|
||||
| `sidekiq.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` |
|
||||
| `sidekiq.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` |
|
||||
| `sidekiq.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if sidekiq.resources is set (sidekiq.resources is recommended for production). | `none` |
|
||||
| `sidekiq.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if sidekiq.resources is set (sidekiq.resources is recommended for production). | `small` |
|
||||
| `sidekiq.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` |
|
||||
| `sidekiq.podSecurityContext.enabled` | Enabled Mastodon sidekiq pods' Security Context | `true` |
|
||||
| `sidekiq.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` |
|
||||
@@ -428,10 +428,10 @@ The [Bitnami mastodon](https://github.com/bitnami/containers/tree/main/bitnami/m
|
||||
| `sidekiq.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` |
|
||||
| `sidekiq.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` |
|
||||
| `sidekiq.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` |
|
||||
| `sidekiq.containerSecurityContext.runAsGroup` | Set containers' Security Context runAsGroup | `0` |
|
||||
| `sidekiq.containerSecurityContext.runAsGroup` | Set containers' Security Context runAsGroup | `1001` |
|
||||
| `sidekiq.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` |
|
||||
| `sidekiq.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` |
|
||||
| `sidekiq.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `false` |
|
||||
| `sidekiq.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `true` |
|
||||
| `sidekiq.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` |
|
||||
| `sidekiq.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
|
||||
| `sidekiq.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
|
||||
@@ -497,7 +497,7 @@ The [Bitnami mastodon](https://github.com/bitnami/containers/tree/main/bitnami/m
|
||||
| `streaming.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` |
|
||||
| `streaming.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` |
|
||||
| `streaming.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` |
|
||||
| `streaming.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if streaming.resources is set (streaming.resources is recommended for production). | `none` |
|
||||
| `streaming.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if streaming.resources is set (streaming.resources is recommended for production). | `small` |
|
||||
| `streaming.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` |
|
||||
| `streaming.podSecurityContext.enabled` | Enabled Mastodon streaming pods' Security Context | `true` |
|
||||
| `streaming.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` |
|
||||
@@ -507,10 +507,10 @@ The [Bitnami mastodon](https://github.com/bitnami/containers/tree/main/bitnami/m
|
||||
| `streaming.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` |
|
||||
| `streaming.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` |
|
||||
| `streaming.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` |
|
||||
| `streaming.containerSecurityContext.runAsGroup` | Set containers' Security Context runAsGroup | `0` |
|
||||
| `streaming.containerSecurityContext.runAsGroup` | Set containers' Security Context runAsGroup | `1001` |
|
||||
| `streaming.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` |
|
||||
| `streaming.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` |
|
||||
| `streaming.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `false` |
|
||||
| `streaming.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `true` |
|
||||
| `streaming.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` |
|
||||
| `streaming.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
|
||||
| `streaming.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
|
||||
@@ -606,10 +606,10 @@ The [Bitnami mastodon](https://github.com/bitnami/containers/tree/main/bitnami/m
|
||||
| `initJob.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` |
|
||||
| `initJob.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` |
|
||||
| `initJob.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` |
|
||||
| `initJob.containerSecurityContext.runAsGroup` | Set containers' Security Context runAsGroup | `0` |
|
||||
| `initJob.containerSecurityContext.runAsGroup` | Set containers' Security Context runAsGroup | `1001` |
|
||||
| `initJob.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` |
|
||||
| `initJob.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` |
|
||||
| `initJob.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `false` |
|
||||
| `initJob.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `true` |
|
||||
| `initJob.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` |
|
||||
| `initJob.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
|
||||
| `initJob.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
|
||||
@@ -622,7 +622,7 @@ The [Bitnami mastodon](https://github.com/bitnami/containers/tree/main/bitnami/m
|
||||
| `initJob.extraEnvVarsCM` | ConfigMap containing extra env vars to configure the Mastodon init job | `""` |
|
||||
| `initJob.extraEnvVarsSecret` | Secret containing extra env vars to configure the Mastodon init job (in case of sensitive data) | `""` |
|
||||
| `initJob.extraVolumeMounts` | Array of extra volume mounts to be added to the Mastodon Container (evaluated as template). Normally used with `extraVolumes`. | `[]` |
|
||||
| `initJob.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if initJob.resources is set (initJob.resources is recommended for production). | `none` |
|
||||
| `initJob.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if initJob.resources is set (initJob.resources is recommended for production). | `small` |
|
||||
| `initJob.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` |
|
||||
| `initJob.automountServiceAccountToken` | Mount Service Account token in pod | `false` |
|
||||
| `initJob.hostAliases` | Add deployment host aliases | `[]` |
|
||||
@@ -661,7 +661,7 @@ The [Bitnami mastodon](https://github.com/bitnami/containers/tree/main/bitnami/m
|
||||
| `volumePermissions.image.repository` | OS Shell + Utility image repository | `REPOSITORY_NAME/os-shell` |
|
||||
| `volumePermissions.image.pullPolicy` | OS Shell + Utility image pull policy | `IfNotPresent` |
|
||||
| `volumePermissions.image.pullSecrets` | OS Shell + Utility image pull secrets | `[]` |
|
||||
| `volumePermissions.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if volumePermissions.resources is set (volumePermissions.resources is recommended for production). | `none` |
|
||||
| `volumePermissions.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if volumePermissions.resources is set (volumePermissions.resources is recommended for production). | `nano` |
|
||||
| `volumePermissions.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` |
|
||||
| `volumePermissions.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` |
|
||||
| `volumePermissions.containerSecurityContext.runAsUser` | Set init container's Security Context runAsUser | `0` |
|
||||
@@ -819,6 +819,17 @@ Find more information about how to deal with common errors related to Bitnami's
|
||||
|
||||
## Upgrading
|
||||
|
||||
### To 5.0.0
|
||||
|
||||
This major bump changes the following security defaults:
|
||||
|
||||
- `runAsGroup` is changed from `0` to `1001`
|
||||
- `readOnlyRootFilesystem` is set to `true`
|
||||
- `resourcesPreset` is changed from `none` to the minimum size working in our test suites (NOTE: `resourcesPreset` is not meant for production usage, but `resources` adapted to your use case).
|
||||
- `global.compatibility.openshift.adaptSecurityContext` is changed from `disabled` to `auto`.
|
||||
|
||||
This could potentially break any customization or init scripts used in your deployment. If this is the case, change the default values to the previous ones.
|
||||
|
||||
### To 4.0.0
|
||||
|
||||
This major updates the Apache subchart to its newest major, 10.0.0. [Here](https://github.com/bitnami/charts/tree/master/bitnami/apache#to-1000) you can find more information about the changes introduced in that version.
|
||||
|
||||
@@ -27,7 +27,7 @@ global:
|
||||
openshift:
|
||||
## @param global.compatibility.openshift.adaptSecurityContext Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation)
|
||||
##
|
||||
adaptSecurityContext: disabled
|
||||
adaptSecurityContext: auto
|
||||
## @section Common parameters
|
||||
##
|
||||
|
||||
@@ -296,7 +296,7 @@ web:
|
||||
## @param web.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if web.resources is set (web.resources is recommended for production).
|
||||
## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
|
||||
##
|
||||
resourcesPreset: "none"
|
||||
resourcesPreset: "small"
|
||||
## @param web.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
|
||||
## Example:
|
||||
## resources:
|
||||
@@ -339,10 +339,10 @@ web:
|
||||
enabled: true
|
||||
seLinuxOptions: null
|
||||
runAsUser: 1001
|
||||
runAsGroup: 0
|
||||
runAsGroup: 1001
|
||||
runAsNonRoot: true
|
||||
privileged: false
|
||||
readOnlyRootFilesystem: false
|
||||
readOnlyRootFilesystem: true
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop: ["ALL"]
|
||||
@@ -645,7 +645,7 @@ sidekiq:
|
||||
## @param sidekiq.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if sidekiq.resources is set (sidekiq.resources is recommended for production).
|
||||
## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
|
||||
##
|
||||
resourcesPreset: "none"
|
||||
resourcesPreset: "small"
|
||||
## @param sidekiq.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
|
||||
## Example:
|
||||
## resources:
|
||||
@@ -688,10 +688,10 @@ sidekiq:
|
||||
enabled: true
|
||||
seLinuxOptions: null
|
||||
runAsUser: 1001
|
||||
runAsGroup: 0
|
||||
runAsGroup: 1001
|
||||
runAsNonRoot: true
|
||||
privileged: false
|
||||
readOnlyRootFilesystem: false
|
||||
readOnlyRootFilesystem: true
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop: ["ALL"]
|
||||
@@ -945,7 +945,7 @@ streaming:
|
||||
## @param streaming.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if streaming.resources is set (streaming.resources is recommended for production).
|
||||
## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
|
||||
##
|
||||
resourcesPreset: "none"
|
||||
resourcesPreset: "small"
|
||||
## @param streaming.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
|
||||
## Example:
|
||||
## resources:
|
||||
@@ -988,10 +988,10 @@ streaming:
|
||||
enabled: true
|
||||
seLinuxOptions: null
|
||||
runAsUser: 1001
|
||||
runAsGroup: 0
|
||||
runAsGroup: 1001
|
||||
runAsNonRoot: true
|
||||
privileged: false
|
||||
readOnlyRootFilesystem: false
|
||||
readOnlyRootFilesystem: true
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop: ["ALL"]
|
||||
@@ -1357,10 +1357,10 @@ initJob:
|
||||
enabled: true
|
||||
seLinuxOptions: null
|
||||
runAsUser: 1001
|
||||
runAsGroup: 0
|
||||
runAsGroup: 1001
|
||||
runAsNonRoot: true
|
||||
privileged: false
|
||||
readOnlyRootFilesystem: false
|
||||
readOnlyRootFilesystem: true
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop: ["ALL"]
|
||||
@@ -1401,7 +1401,7 @@ initJob:
|
||||
## @param initJob.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if initJob.resources is set (initJob.resources is recommended for production).
|
||||
## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
|
||||
##
|
||||
resourcesPreset: "none"
|
||||
resourcesPreset: "small"
|
||||
## @param initJob.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
|
||||
## Example:
|
||||
## resources:
|
||||
@@ -1571,7 +1571,7 @@ volumePermissions:
|
||||
## @param volumePermissions.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if volumePermissions.resources is set (volumePermissions.resources is recommended for production).
|
||||
## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
|
||||
##
|
||||
resourcesPreset: "none"
|
||||
resourcesPreset: "nano"
|
||||
## @param volumePermissions.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
|
||||
## Example:
|
||||
## resources:
|
||||
|
||||
Reference in New Issue
Block a user