mirror of
https://github.com/bitnami/charts.git
synced 2026-03-15 06:47:24 +08:00
[bitnami/apisix] feat: ✨ Add support for PSA restricted policy (#20419)
Signed-off-by: Javier Salmeron Garcia <jsalmeron@vmware.com>
committed by
GitHub
parent
b81449e52d
commit
a82dad6b87
@@ -45,4 +45,4 @@ sources:
|
||||
- https://github.com/bitnami/charts/tree/main/bitnami/apisix
|
||||
- https://github.com/bitnami/charts/tree/main/bitnami/apisix-dashboard
|
||||
- https://github.com/bitnami/charts/tree/main/bitnami/apisix-ingress-controller
|
||||
version: 2.1.4
|
||||
version: 2.2.0
|
||||
|
||||
@@ -120,13 +120,13 @@ The command removes all the Kubernetes components associated with the chart and
|
||||
| `dataPlane.resources.requests` | The requested resources for the APISIX containers | `{}` |
|
||||
| `dataPlane.podSecurityContext.enabled` | Enabled APISIX pods' Security Context | `true` |
|
||||
| `dataPlane.podSecurityContext.fsGroup` | Set APISIX pod's Security Context fsGroup | `1001` |
|
||||
| `dataPlane.podSecurityContext.seccompProfile.type` | Set APISIX container's Security Context seccomp profile | `RuntimeDefault` |
|
||||
| `dataPlane.containerSecurityContext.enabled` | Enabled APISIX containers' Security Context | `true` |
|
||||
| `dataPlane.containerSecurityContext.runAsUser` | Set APISIX containers' Security Context runAsUser | `1001` |
|
||||
| `dataPlane.containerSecurityContext.runAsNonRoot` | Set APISIX containers' Security Context runAsNonRoot | `true` |
|
||||
| `dataPlane.containerSecurityContext.readOnlyRootFilesystem` | Set APISIX containers' Security Context runAsNonRoot | `true` |
|
||||
| `dataPlane.containerSecurityContext.allowPrivilegeEscalation` | Set APISIX container's privilege escalation | `false` |
|
||||
| `dataPlane.containerSecurityContext.capabilities.drop` | Set APISIX container's Security Context runAsNonRoot | `["ALL"]` |
|
||||
| `dataPlane.containerSecurityContext.seccompProfile.type` | Set APISIX container's Security Context seccomp profile | `RuntimeDefault` |
|
||||
| `dataPlane.command` | Override default container command (useful when using custom images) | `[]` |
|
||||
| `dataPlane.args` | Override default container args (useful when using custom images) | `[]` |
|
||||
| `dataPlane.hostAliases` | APISIX pods host aliases | `[]` |
|
||||
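Review bot: The descriptions in the `dataPlane.containerSecurityContext` rows are copy-pasted: `readOnlyRootFilesystem` and `capabilities.drop` are both documented as "Set APISIX containers' Security Context runAsNonRoot". Operators read this table when deciding which hardening settings to relax, so give each row its own text (for example "Mount the container's root filesystem as read-only" and "List of capabilities to be dropped"). Correct the matching `## @param` comments further down in this commit too, so the two stay in sync.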
@@ -286,13 +286,13 @@ The command removes all the Kubernetes components associated with the chart and
|
||||
| `controlPlane.resources.requests` | The requested resources for the APISIX containers | `{}` |
|
||||
| `controlPlane.podSecurityContext.enabled` | Enabled APISIX pods' Security Context | `true` |
|
||||
| `controlPlane.podSecurityContext.fsGroup` | Set APISIX pod's Security Context fsGroup | `1001` |
|
||||
| `controlPlane.podSecurityContext.seccompProfile.type` | Set APISIX container's Security Context seccomp profile | `RuntimeDefault` |
|
||||
| `controlPlane.containerSecurityContext.enabled` | Enabled APISIX containers' Security Context | `true` |
|
||||
| `controlPlane.containerSecurityContext.runAsUser` | Set APISIX containers' Security Context runAsUser | `1001` |
|
||||
| `controlPlane.containerSecurityContext.runAsNonRoot` | Set APISIX containers' Security Context runAsNonRoot | `true` |
|
||||
| `controlPlane.containerSecurityContext.readOnlyRootFilesystem` | Set APISIX containers' Security Context runAsNonRoot | `true` |
|
||||
| `controlPlane.containerSecurityContext.allowPrivilegeEscalation` | Set APISIX container's privilege escalation | `false` |
|
||||
| `controlPlane.containerSecurityContext.capabilities.drop` | Set APISIX container's Security Context runAsNonRoot | `["ALL"]` |
|
||||
| `controlPlane.containerSecurityContext.seccompProfile.type` | Set APISIX container's Security Context seccomp profile | `RuntimeDefault` |
|
||||
| `controlPlane.command` | Override default container command (useful when using custom images) | `[]` |
|
||||
| `controlPlane.args` | Override default container args (useful when using custom images) | `[]` |
|
||||
| `controlPlane.hostAliases` | APISIX pods host aliases | `[]` |
|
||||
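Review bot: The `controlPlane.containerSecurityContext` rows have no `privileged` entry, and neither does the `dataPlane` table above, while `dashboard`, `ingressController` and `waitContainer` all document `privileged` as `false` in this same commit. The restricted profile accepts an unset value, so this is not an admission failure, but it leaves the components with different explicit defaults. Add `privileged: false` and its `@param` line for `controlPlane` and `dataPlane` so all five blocks read the same.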
@@ -473,7 +473,6 @@ The command removes all the Kubernetes components associated with the chart and
|
||||
| `dashboard.initContainers` | Add additional init containers to the APISIX Dashboard pod(s) | `[]` |
|
||||
| `dashboard.podSecurityContext.enabled` | Enabled Dashboard pods' Security Context | `true` |
|
||||
| `dashboard.podSecurityContext.fsGroup` | Set Dashboard pod's Security Context fsGroup | `1001` |
|
||||
| `dashboard.podSecurityContext.seccompProfile.type` | Set Dashboard pod's Security Context seccomp profile | `RuntimeDefault` |
|
||||
| `dashboard.containerPorts.http` | Dashboard http container port | `8080` |
|
||||
| `dashboard.containerPorts.https` | Dashboard https container port | `8443` |
|
||||
| `dashboard.livenessProbe.enabled` | Enable livenessProbe on Dashboard container | `true` |
|
||||
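Review bot: Going by the hunk header (7 lines to 6), `dashboard.podSecurityContext.seccompProfile.type` leaves this table, so the seccomp profile is set only per container and anything added through `dashboard.initContainers` gets no profile by default. The restricted Pod Security Standard requires a seccomp profile of `RuntimeDefault` or `Localhost` at pod level or on every container, so a user-supplied init container without its own `securityContext.seccompProfile` would get the pod rejected in an enforcing namespace. Either keep the pod-level default alongside the container-level one, or state this requirement in the `dashboard.initContainers` description.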
@@ -502,9 +501,11 @@ The command removes all the Kubernetes components associated with the chart and
|
||||
| `dashboard.containerSecurityContext.enabled` | Enabled Dashboard container' Security Context | `true` |
|
||||
| `dashboard.containerSecurityContext.runAsUser` | Set Dashboard container' Security Context runAsUser | `1001` |
|
||||
| `dashboard.containerSecurityContext.runAsNonRoot` | Set Dashboard container' Security Context runAsNonRoot | `true` |
|
||||
| `dashboard.containerSecurityContext.privileged` | Set Dashboard container' Security Context privileged | `false` |
|
||||
| `dashboard.containerSecurityContext.readOnlyRootFilesystem` | Set Dashboard container' Security Context runAsNonRoot | `true` |
|
||||
| `dashboard.containerSecurityContext.allowPrivilegeEscalation` | Set Dashboard container's privilege escalation | `false` |
|
||||
| `dashboard.containerSecurityContext.capabilities.drop` | Set Dashboard container's Security Context runAsNonRoot | `["ALL"]` |
|
||||
| `dashboard.containerSecurityContext.seccompProfile.type` | Set Dashboard container's Security Context seccomp profile | `RuntimeDefault` |
|
||||
| `dashboard.command` | Override default container command (useful when using custom images) | `[]` |
|
||||
| `dashboard.args` | Override default container args (useful when using custom images) | `[]` |
|
||||
| `dashboard.lifecycleHooks` | for the Dashboard container(s) to automate configuration before or after startup | `{}` |
|
||||
@@ -609,13 +610,14 @@ The command removes all the Kubernetes components associated with the chart and
|
||||
| `ingressController.resources.requests` | The requested resources for the APISIX Ingress Controller containers | `{}` |
|
||||
| `ingressController.podSecurityContext.enabled` | Enabled APISIX Ingress Controller pods' Security Context | `true` |
|
||||
| `ingressController.podSecurityContext.fsGroup` | Set APISIX Ingress Controller pod's Security Context fsGroup | `1001` |
|
||||
| `ingressController.podSecurityContext.seccompProfile.type` | Set APISIX Ingress Controller container's Security Context seccomp profile | `RuntimeDefault` |
|
||||
| `ingressController.containerSecurityContext.enabled` | Enabled APISIX Ingress Controller containers' Security Context | `true` |
|
||||
| `ingressController.containerSecurityContext.runAsUser` | Set APISIX Ingress Controller containers' Security Context runAsUser | `1001` |
|
||||
| `ingressController.containerSecurityContext.runAsNonRoot` | Set APISIX Ingress Controller containers' Security Context runAsNonRoot | `true` |
|
||||
| `ingressController.containerSecurityContext.privileged` | Set APISIX Ingress Controller containers' Security Context privileged | `false` |
|
||||
| `ingressController.containerSecurityContext.readOnlyRootFilesystem` | Set APISIX Ingress Controller containers' Security Context runAsNonRoot | `true` |
|
||||
| `ingressController.containerSecurityContext.allowPrivilegeEscalation` | Set APISIX Ingress Controller container's privilege escalation | `false` |
|
||||
| `ingressController.containerSecurityContext.capabilities.drop` | Set APISIX Ingress Controller container's Security Context runAsNonRoot | `["ALL"]` |
|
||||
| `ingressController.containerSecurityContext.seccompProfile.type` | Set APISIX Ingress Controller container's Security Context seccomp profile | `RuntimeDefault` |
|
||||
| `ingressController.command` | Override default container command (useful when using custom images) | `[]` |
|
||||
| `ingressController.args` | Override default container args (useful when using custom images) | `[]` |
|
||||
| `ingressController.hostAliases` | APISIX Ingress Controller pods host aliases | `[]` |
|
||||
@@ -745,7 +747,9 @@ The command removes all the Kubernetes components associated with the chart and
|
||||
| `waitContainer.containerSecurityContext.runAsNonRoot` | Set APISIX containers' Security Context runAsNonRoot | `true` |
|
||||
| `waitContainer.containerSecurityContext.readOnlyRootFilesystem` | Set APISIX containers' Security Context runAsNonRoot | `true` |
|
||||
| `waitContainer.containerSecurityContext.allowPrivilegeEscalation` | Set APISIX container's privilege escalation | `false` |
|
||||
| `waitContainer.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` |
|
||||
| `waitContainer.containerSecurityContext.capabilities.drop` | Set APISIX container's Security Context runAsNonRoot | `["ALL"]` |
|
||||
| `waitContainer.containerSecurityContext.seccompProfile.type` | Set APISIX container's Security Context seccomp profile | `RuntimeDefault` |
|
||||
|
||||
### External etcd settings
|
||||
|
||||
|
||||
@@ -186,13 +186,10 @@ dataPlane:
|
||||
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
|
||||
## @param dataPlane.podSecurityContext.enabled Enabled APISIX pods' Security Context
|
||||
## @param dataPlane.podSecurityContext.fsGroup Set APISIX pod's Security Context fsGroup
|
||||
## @param dataPlane.podSecurityContext.seccompProfile.type Set APISIX container's Security Context seccomp profile
|
||||
##
|
||||
podSecurityContext:
|
||||
enabled: true
|
||||
fsGroup: 1001
|
||||
seccompProfile:
|
||||
type: RuntimeDefault
|
||||
## Configure Container Security Context
|
||||
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
|
||||
## @param dataPlane.containerSecurityContext.enabled Enabled APISIX containers' Security Context
|
||||
@@ -201,6 +198,7 @@ dataPlane:
|
||||
## @param dataPlane.containerSecurityContext.readOnlyRootFilesystem Set APISIX containers' Security Context runAsNonRoot
|
||||
## @param dataPlane.containerSecurityContext.allowPrivilegeEscalation Set APISIX container's privilege escalation
|
||||
## @param dataPlane.containerSecurityContext.capabilities.drop Set APISIX container's Security Context runAsNonRoot
|
||||
## @param dataPlane.containerSecurityContext.seccompProfile.type Set APISIX container's Security Context seccomp profile
|
||||
##
|
||||
containerSecurityContext:
|
||||
enabled: true
|
||||
@@ -210,6 +208,8 @@ dataPlane:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop: ["ALL"]
|
||||
seccompProfile:
|
||||
type: RuntimeDefault
|
||||
|
||||
## @param dataPlane.command Override default container command (useful when using custom images)
|
||||
##
|
||||
@@ -860,13 +860,10 @@ controlPlane:
|
||||
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
|
||||
## @param controlPlane.podSecurityContext.enabled Enabled APISIX pods' Security Context
|
||||
## @param controlPlane.podSecurityContext.fsGroup Set APISIX pod's Security Context fsGroup
|
||||
## @param controlPlane.podSecurityContext.seccompProfile.type Set APISIX container's Security Context seccomp profile
|
||||
##
|
||||
podSecurityContext:
|
||||
enabled: true
|
||||
fsGroup: 1001
|
||||
seccompProfile:
|
||||
type: RuntimeDefault
|
||||
## Configure Container Security Context
|
||||
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
|
||||
## @param controlPlane.containerSecurityContext.enabled Enabled APISIX containers' Security Context
|
||||
@@ -875,6 +872,7 @@ controlPlane:
|
||||
## @param controlPlane.containerSecurityContext.readOnlyRootFilesystem Set APISIX containers' Security Context runAsNonRoot
|
||||
## @param controlPlane.containerSecurityContext.allowPrivilegeEscalation Set APISIX container's privilege escalation
|
||||
## @param controlPlane.containerSecurityContext.capabilities.drop Set APISIX container's Security Context runAsNonRoot
|
||||
## @param controlPlane.containerSecurityContext.seccompProfile.type Set APISIX container's Security Context seccomp profile
|
||||
##
|
||||
containerSecurityContext:
|
||||
enabled: true
|
||||
@@ -884,6 +882,8 @@ controlPlane:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop: ["ALL"]
|
||||
seccompProfile:
|
||||
type: RuntimeDefault
|
||||
|
||||
## @param controlPlane.command Override default container command (useful when using custom images)
|
||||
##
|
||||
@@ -1824,13 +1824,10 @@ dashboard:
|
||||
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
|
||||
## @param dashboard.podSecurityContext.enabled Enabled Dashboard pods' Security Context
|
||||
## @param dashboard.podSecurityContext.fsGroup Set Dashboard pod's Security Context fsGroup
|
||||
## @param dashboard.podSecurityContext.seccompProfile.type Set Dashboard pod's Security Context seccomp profile
|
||||
##
|
||||
podSecurityContext:
|
||||
enabled: true
|
||||
fsGroup: 1001
|
||||
seccompProfile:
|
||||
type: RuntimeDefault
|
||||
|
||||
## @param dashboard.containerPorts.http Dashboard http container port
|
||||
## @param dashboard.containerPorts.https Dashboard https container port
|
||||
@@ -1904,18 +1901,23 @@ dashboard:
|
||||
## @param dashboard.containerSecurityContext.enabled Enabled Dashboard container' Security Context
|
||||
## @param dashboard.containerSecurityContext.runAsUser Set Dashboard container' Security Context runAsUser
|
||||
## @param dashboard.containerSecurityContext.runAsNonRoot Set Dashboard container' Security Context runAsNonRoot
|
||||
## @param dashboard.containerSecurityContext.privileged Set Dashboard container' Security Context privileged
|
||||
## @param dashboard.containerSecurityContext.readOnlyRootFilesystem Set Dashboard container' Security Context runAsNonRoot
|
||||
## @param dashboard.containerSecurityContext.allowPrivilegeEscalation Set Dashboard container's privilege escalation
|
||||
## @param dashboard.containerSecurityContext.capabilities.drop Set Dashboard container's Security Context runAsNonRoot
|
||||
## @param dashboard.containerSecurityContext.seccompProfile.type Set Dashboard container's Security Context seccomp profile
|
||||
##
|
||||
containerSecurityContext:
|
||||
enabled: true
|
||||
runAsUser: 1001
|
||||
runAsNonRoot: true
|
||||
readOnlyRootFilesystem: true
|
||||
privileged: false
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop: ["ALL"]
|
||||
seccompProfile:
|
||||
type: RuntimeDefault
|
||||
|
||||
## @param dashboard.command Override default container command (useful when using custom images)
|
||||
##
|
||||
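Review bot: The key order in the `dashboard.containerSecurityContext` block does not match its own `@param` comments or the other components: here `readOnlyRootFilesystem: true` comes before `privileged: false`, while the comments above it and the `ingressController` and `waitContainer` blocks put `privileged` first. Swap the two lines so the blocks can be compared side by side when auditing the defaults. The `@param` descriptions for `readOnlyRootFilesystem` and `capabilities.drop` in this hunk also still say "runAsNonRoot" and should describe their own fields.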
@@ -2282,30 +2284,32 @@ ingressController:
|
||||
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
|
||||
## @param ingressController.podSecurityContext.enabled Enabled APISIX Ingress Controller pods' Security Context
|
||||
## @param ingressController.podSecurityContext.fsGroup Set APISIX Ingress Controller pod's Security Context fsGroup
|
||||
## @param ingressController.podSecurityContext.seccompProfile.type Set APISIX Ingress Controller container's Security Context seccomp profile
|
||||
##
|
||||
podSecurityContext:
|
||||
enabled: true
|
||||
fsGroup: 1001
|
||||
seccompProfile:
|
||||
type: RuntimeDefault
|
||||
## Configure Container Security Context
|
||||
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
|
||||
## @param ingressController.containerSecurityContext.enabled Enabled APISIX Ingress Controller containers' Security Context
|
||||
## @param ingressController.containerSecurityContext.runAsUser Set APISIX Ingress Controller containers' Security Context runAsUser
|
||||
## @param ingressController.containerSecurityContext.runAsNonRoot Set APISIX Ingress Controller containers' Security Context runAsNonRoot
|
||||
## @param ingressController.containerSecurityContext.privileged Set APISIX Ingress Controller containers' Security Context privileged
|
||||
## @param ingressController.containerSecurityContext.readOnlyRootFilesystem Set APISIX Ingress Controller containers' Security Context runAsNonRoot
|
||||
## @param ingressController.containerSecurityContext.allowPrivilegeEscalation Set APISIX Ingress Controller container's privilege escalation
|
||||
## @param ingressController.containerSecurityContext.capabilities.drop Set APISIX Ingress Controller container's Security Context runAsNonRoot
|
||||
## @param ingressController.containerSecurityContext.seccompProfile.type Set APISIX Ingress Controller container's Security Context seccomp profile
|
||||
##
|
||||
containerSecurityContext:
|
||||
enabled: true
|
||||
runAsUser: 1001
|
||||
runAsNonRoot: true
|
||||
privileged: false
|
||||
readOnlyRootFilesystem: true
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop: ["ALL"]
|
||||
seccompProfile:
|
||||
type: RuntimeDefault
|
||||
|
||||
## @param ingressController.command Override default container command (useful when using custom images)
|
||||
##
|
||||
@@ -2849,16 +2853,21 @@ waitContainer:
|
||||
## @param waitContainer.containerSecurityContext.runAsNonRoot Set APISIX containers' Security Context runAsNonRoot
|
||||
## @param waitContainer.containerSecurityContext.readOnlyRootFilesystem Set APISIX containers' Security Context runAsNonRoot
|
||||
## @param waitContainer.containerSecurityContext.allowPrivilegeEscalation Set APISIX container's privilege escalation
|
||||
## @param waitContainer.containerSecurityContext.privileged Set container's Security Context privileged
|
||||
## @param waitContainer.containerSecurityContext.capabilities.drop Set APISIX container's Security Context runAsNonRoot
|
||||
## @param waitContainer.containerSecurityContext.seccompProfile.type Set APISIX container's Security Context seccomp profile
|
||||
##
|
||||
containerSecurityContext:
|
||||
enabled: true
|
||||
runAsUser: 1001
|
||||
runAsNonRoot: true
|
||||
privileged: false
|
||||
readOnlyRootFilesystem: true
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop: ["ALL"]
|
||||
seccompProfile:
|
||||
type: RuntimeDefault
|
||||
|
||||
## @section External etcd settings
|
||||
##
|
||||
|
||||