Bitnami/charts
2
0
Fork 0
mirror of https://github.com/bitnami/charts.git synced 2026-03-27 15:27:10 +08:00
Code Issues Packages Projects Releases Wiki Activity

[bitnami/clickhouse] feat: Add support for PSA restricted policy (#20408)

Browse Source 
Signed-off-by: Javier Salmeron Garcia <jsalmeron@vmware.com>
Signed-off-by: Javier J. Salmerón-García <jsalmeron@vmware.com>
This commit is contained in:
Javier J. Salmerón-García
2023-10-31 16:27:56 +01:00
committed by GitHub
parent 601467455d
commit b0cc87042f
3 changed files with 21 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
bitnami/clickhouse/Chart.yaml
View File

@@ -35,4 +35,4 @@ maintainers:
name: clickhouse
sources:
- https://github.com/bitnami/charts/tree/main/bitnami/clickhouse
version: 4.0.10
version: 4.1.0

14
bitnami/clickhouse/README.md
View File

@@ -138,12 +138,14 @@ The command removes all the Kubernetes components associated with the chart and
| `resources.requests` | The requested resources for the ClickHouse containers | `{}` |
| `podSecurityContext.enabled` | Enabled ClickHouse pods' Security Context | `true` |
| `podSecurityContext.fsGroup` | Set ClickHouse pod's Security Context fsGroup | `1001` |
| `podSecurityContext.seccompProfile.type` | Set ClickHouse container's Security Context seccomp profile | `RuntimeDefault` |
| `containerSecurityContext.enabled` | Enabled ClickHouse containers' Security Context | `true` |
| `containerSecurityContext.runAsUser` | Set ClickHouse containers' Security Context runAsUser | `1001` |
| `containerSecurityContext.runAsNonRoot` | Set ClickHouse containers' Security Context runAsNonRoot | `true` |
| `containerSecurityContext.allowPrivilegeEscalation` | Set ClickHouse container's privilege escalation | `false` |
| `containerSecurityContext.capabilities.drop` | Set ClickHouse container's Security Context runAsNonRoot | `["ALL"]` |
| `containerSecurityContext.enabled` | Enable containers' Security Context | `true` |
| `containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` |
| `containerSecurityContext.runAsNonRoot` | Set containers' Security Context runAsNonRoot | `true` |
| `containerSecurityContext.readOnlyRootFilesystem` | Set read only root file system pod's | `false` |
| `containerSecurityContext.privileged` | Set contraller container's Security Context privileged | `false` |
| `containerSecurityContext.allowPrivilegeEscalation` | Set contraller container's Security Context allowPrivilegeEscalation | `false` |
| `containerSecurityContext.capabilities.drop` | List of capabilities to be droppedn | `["ALL"]` |
| `containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
| `auth.username` | ClickHouse Admin username | `default` |
| `auth.password` | ClickHouse Admin password | `""` |
| `auth.existingSecret` | Name of a secret containing the Admin password | `""` |

20
bitnami/clickhouse/values.yaml
View File

@@ -198,29 +198,33 @@ resources:
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
## @param podSecurityContext.enabled Enabled ClickHouse pods' Security Context
## @param podSecurityContext.fsGroup Set ClickHouse pod's Security Context fsGroup
## @param podSecurityContext.seccompProfile.type Set ClickHouse container's Security Context seccomp profile
## If you are using Kubernetes 1.18, the following code needs to be commented out.
##
podSecurityContext:
enabled: true
fsGroup: 1001
seccompProfile:
type: "RuntimeDefault"
## Configure Container Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
## @param containerSecurityContext.enabled Enabled ClickHouse containers' Security Context
## @param containerSecurityContext.runAsUser Set ClickHouse containers' Security Context runAsUser
## @param containerSecurityContext.runAsNonRoot Set ClickHouse containers' Security Context runAsNonRoot
## @param containerSecurityContext.allowPrivilegeEscalation Set ClickHouse container's privilege escalation
## @param containerSecurityContext.capabilities.drop Set ClickHouse container's Security Context runAsNonRoot
## @param containerSecurityContext.enabled Enable containers' Security Context
## @param containerSecurityContext.runAsUser Set containers' Security Context runAsUser
## @param containerSecurityContext.runAsNonRoot Set containers' Security Context runAsNonRoot
## @param containerSecurityContext.readOnlyRootFilesystem Set read only root file system pod's
## @param containerSecurityContext.privileged Set contraller container's Security Context privileged
## @param containerSecurityContext.allowPrivilegeEscalation Set contraller container's Security Context allowPrivilegeEscalation
## @param containerSecurityContext.capabilities.drop List of capabilities to be droppedn
## @param containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
##
containerSecurityContext:
enabled: true
runAsUser: 1001
runAsNonRoot: true
privileged: false
allowPrivilegeEscalation: false
readOnlyRootFilesystem: false
capabilities:
drop: ["ALL"]
seccompProfile:
type: "RuntimeDefault"
## Authentication
## @param auth.username ClickHouse Admin username