Bitnami/charts
2
0
Fork 0
mirror of https://github.com/bitnami/charts.git synced 2026-02-20 12:07:40 +08:00
Code Issues Packages Projects Releases Wiki Activity

[bitnami/phpbb] feat: Add support for PSA restricted policy (#20522)

Browse Source 
Signed-off-by: Javier Salmeron Garcia <jsalmeron@vmware.com>
This commit is contained in:
Javier J. Salmerón-García
2023-11-06 14:10:04 +01:00
committed by GitHub
parent 97e2b22b9c
commit b756779382
4 changed files with 114 additions and 97 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
bitnami/phpbb/Chart.lock
View File

@@ -1,9 +1,9 @@
dependencies:
- name: mariadb
repository: oci://registry-1.docker.io/bitnamicharts
version: 14.0.3
version: 14.1.0
- name: common
repository: oci://registry-1.docker.io/bitnamicharts
version: 2.13.3
digest: sha256:4307bb7fbb0b6b539dabb1b43f2a098fe3349806ea62150c97df0227a07a5cc3
generated: "2023-10-22T17:39:19.172423104Z"
digest: sha256:ed18965f3ec543d94074f9ce7d71e9dd607ae50eac145184698b6cc1e1b175ef
generated: "2023-10-30T16:25:33.843030432+01:00"

2
bitnami/phpbb/Chart.yaml
View File

@@ -37,4 +37,4 @@ maintainers:
name: phpbb
sources:
- https://github.com/bitnami/charts/tree/main/bitnami/phpbb
version: 15.0.2
version: 15.1.0

185
bitnami/phpbb/README.md
View File

@@ -81,96 +81,101 @@ The command removes all the Kubernetes components associated with the chart and
### phpBB parameters
| Name | Description | Value |
| --------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------- |
| `image.registry` | phpBB image registry | `REGISTRY_NAME` |
| `image.repository` | phpBB image repository | `REPOSITORY_NAME/phpbb` |
| `image.digest` | phpBB image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `image.pullPolicy` | phpBB image pull policy | `IfNotPresent` |
| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
| `image.debug` | Specify if debug logs should be enabled | `false` |
| `replicaCount` | Number of replicas (requires ReadWriteMany PVC support) | `1` |
| `phpbbSkipInstall` | Skip phpBB installation wizard. Useful for migrations and restoring from SQL dump | `no` |
| `phpbbDisableSessionValidation` | Disable session validation | `yes` |
| `phpbbUsername` | User of the application | `user` |
| `phpbbPassword` | Application password | `""` |
| `phpbbEmail` | Admin email | `user@example.com` |
| `allowEmptyPassword` | Allow DB blank passwords | `no` |
| `command` | Override default container command (useful when using custom images) | `[]` |
| `args` | Override default container args (useful when using custom images) | `[]` |
| `hostAliases` | Add deployment host aliases | `[]` |
| `updateStrategy.type` | Update strategy - only really applicable for deployments with RWO PVs attached | `RollingUpdate` |
| `extraEnvVars` | An array to add extra env vars | `[]` |
| `extraEnvVarsCM` | ConfigMap with extra environment variables | `""` |
| `extraEnvVarsSecret` | Secret with extra environment variables | `""` |
| `extraVolumes` | Extra volumes to add to the deployment. Requires setting `extraVolumeMounts` | `[]` |
| `extraVolumeMounts` | Extra volume mounts to add to the container. Normally used with `extraVolumes` | `[]` |
| `initContainers` | Extra init containers to add to the deployment | `[]` |
| `sidecars` | Extra sidecar containers to add to the deployment | `[]` |
| `tolerations` | Tolerations for pod assignment | `[]` |
| `existingSecret` | Use existing secret for the application password | `""` |
| `volumePermissions.enabled` | Enable init container that changes volume permissions in the data directory (for cases where the default k8s `runAsUser` and `fsUser` values do not work) | `false` |
| `volumePermissions.image.registry` | Init container volume-permissions image registry | `REGISTRY_NAME` |
| `volumePermissions.image.repository` | Init container volume-permissions image repository | `REPOSITORY_NAME/os-shell` |
| `volumePermissions.image.digest` | Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` |
| `volumePermissions.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
| `volumePermissions.resources.limits` | The resources limits for the container | `{}` |
| `volumePermissions.resources.requests` | The requested resources for the container | `{}` |
| `smtpHost` | SMTP host | `""` |
| `smtpPort` | SMTP port | `""` |
| `smtpUser` | SMTP user | `""` |
| `smtpPassword` | SMTP password | `""` |
| `smtpProtocol` | SMTP Protocol (options: ssl,tls, nil) | `""` |
| `containerPorts` | Container ports | `{}` |
| `persistence.enabled` | Enable persistence using PVC | `true` |
| `persistence.storageClass` | Database data Persistent Volume Storage Class | `""` |
| `persistence.accessModes` | PVC Access Mode for phpBB volume | `["ReadWriteOnce"]` |
| `persistence.size` | PVC Storage Request for phpBB volume | `8Gi` |
| `persistence.existingClaim` | A manually managed Persistent Volume Claim | `""` |
| `persistence.hostPath` | Host mount path for phpBB volume | `""` |
| `persistence.annotations` | Persistent Volume Claim annotations | `{}` |
| `podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
| `podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` |
| `nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
| `nodeAffinityPreset.key` | Node label key to match Ignored if `affinity` is set. | `""` |
| `nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set. | `[]` |
| `affinity` | Affinity for pod assignment. Evaluated as a template. | `{}` |
| `nodeSelector` | Node labels for pod assignment. Evaluated as a template. | `{}` |
| `resources.requests` | The requested resources for the container | `{}` |
| `resources.limits` | The resources limits for the container | `{}` |
| `podSecurityContext.enabled` | Enable phpBB pods' Security Context | `true` |
| `podSecurityContext.fsGroup` | phpBB pods' group ID | `1001` |
| `containerSecurityContext.enabled` | Enable phpBB containers' Security Context | `true` |
| `containerSecurityContext.runAsUser` | phpBB containers' Security Context runAsUser | `1001` |
| `containerSecurityContext.runAsNonRoot` | phpBB containers' Security Context runAsNonRoot | `true` |
| `startupProbe.enabled` | Enable startupProbe | `false` |
| `startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `600` |
| `startupProbe.periodSeconds` | Period seconds for startupProbe | `10` |
| `startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` |
| `startupProbe.failureThreshold` | Failure threshold for startupProbe | `6` |
| `startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
| `livenessProbe.enabled` | Enable livenessProbe | `true` |
| `livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `600` |
| `livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` |
| `livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` |
| `livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` |
| `livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
| `readinessProbe.enabled` | Enable readinessProbe | `true` |
| `readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `30` |
| `readinessProbe.periodSeconds` | Period seconds for readinessProbe | `5` |
| `readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `3` |
| `readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` |
| `readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
| `customStartupProbe` | Override default startup probe | `{}` |
| `customLivenessProbe` | Override default liveness probe | `{}` |
| `customReadinessProbe` | Override default readiness probe | `{}` |
| `priorityClassName` | Define the priority class name to use for the phpbb pods | `""` |
| `schedulerName` | Name of the k8s scheduler (other than default) | `""` |
| `topologySpreadConstraints` | Topology Spread Constraints for pod assignment | `[]` |
| `lifecycleHooks` | LifecycleHook to set additional configuration before or after startup | `{}` |
| `podAnnotations` | Pod annotations | `{}` |
| `podLabels` | Pod extra labels | `{}` |
| Name | Description | Value |
| --------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------- |
| `image.registry` | phpBB image registry | `REGISTRY_NAME` |
| `image.repository` | phpBB image repository | `REPOSITORY_NAME/phpbb` |
| `image.digest` | phpBB image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `image.pullPolicy` | phpBB image pull policy | `IfNotPresent` |
| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
| `image.debug` | Specify if debug logs should be enabled | `false` |
| `replicaCount` | Number of replicas (requires ReadWriteMany PVC support) | `1` |
| `phpbbSkipInstall` | Skip phpBB installation wizard. Useful for migrations and restoring from SQL dump | `no` |
| `phpbbDisableSessionValidation` | Disable session validation | `yes` |
| `phpbbUsername` | User of the application | `user` |
| `phpbbPassword` | Application password | `""` |
| `phpbbEmail` | Admin email | `user@example.com` |
| `allowEmptyPassword` | Allow DB blank passwords | `no` |
| `command` | Override default container command (useful when using custom images) | `[]` |
| `args` | Override default container args (useful when using custom images) | `[]` |
| `hostAliases` | Add deployment host aliases | `[]` |
| `updateStrategy.type` | Update strategy - only really applicable for deployments with RWO PVs attached | `RollingUpdate` |
| `extraEnvVars` | An array to add extra env vars | `[]` |
| `extraEnvVarsCM` | ConfigMap with extra environment variables | `""` |
| `extraEnvVarsSecret` | Secret with extra environment variables | `""` |
| `extraVolumes` | Extra volumes to add to the deployment. Requires setting `extraVolumeMounts` | `[]` |
| `extraVolumeMounts` | Extra volume mounts to add to the container. Normally used with `extraVolumes` | `[]` |
| `initContainers` | Extra init containers to add to the deployment | `[]` |
| `sidecars` | Extra sidecar containers to add to the deployment | `[]` |
| `tolerations` | Tolerations for pod assignment | `[]` |
| `existingSecret` | Use existing secret for the application password | `""` |
| `volumePermissions.enabled` | Enable init container that changes volume permissions in the data directory (for cases where the default k8s `runAsUser` and `fsUser` values do not work) | `false` |
| `volumePermissions.image.registry` | Init container volume-permissions image registry | `REGISTRY_NAME` |
| `volumePermissions.image.repository` | Init container volume-permissions image repository | `REPOSITORY_NAME/os-shell` |
| `volumePermissions.image.digest` | Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` |
| `volumePermissions.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
| `volumePermissions.resources.limits` | The resources limits for the container | `{}` |
| `volumePermissions.resources.requests` | The requested resources for the container | `{}` |
| `smtpHost` | SMTP host | `""` |
| `smtpPort` | SMTP port | `""` |
| `smtpUser` | SMTP user | `""` |
| `smtpPassword` | SMTP password | `""` |
| `smtpProtocol` | SMTP Protocol (options: ssl,tls, nil) | `""` |
| `containerPorts` | Container ports | `{}` |
| `persistence.enabled` | Enable persistence using PVC | `true` |
| `persistence.storageClass` | Database data Persistent Volume Storage Class | `""` |
| `persistence.accessModes` | PVC Access Mode for phpBB volume | `["ReadWriteOnce"]` |
| `persistence.size` | PVC Storage Request for phpBB volume | `8Gi` |
| `persistence.existingClaim` | A manually managed Persistent Volume Claim | `""` |
| `persistence.hostPath` | Host mount path for phpBB volume | `""` |
| `persistence.annotations` | Persistent Volume Claim annotations | `{}` |
| `podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
| `podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` |
| `nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
| `nodeAffinityPreset.key` | Node label key to match Ignored if `affinity` is set. | `""` |
| `nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set. | `[]` |
| `affinity` | Affinity for pod assignment. Evaluated as a template. | `{}` |
| `nodeSelector` | Node labels for pod assignment. Evaluated as a template. | `{}` |
| `resources.requests` | The requested resources for the container | `{}` |
| `resources.limits` | The resources limits for the container | `{}` |
| `podSecurityContext.enabled` | Enable phpBB pods' Security Context | `true` |
| `podSecurityContext.fsGroup` | phpBB pods' group ID | `1001` |
| `containerSecurityContext.enabled` | Enabled containers' Security Context | `true` |
| `containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` |
| `containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` |
| `containerSecurityContext.privileged` | Set container's Security Context privileged | `false` |
| `containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `false` |
| `containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` |
| `containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
| `containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
| `startupProbe.enabled` | Enable startupProbe | `false` |
| `startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `600` |
| `startupProbe.periodSeconds` | Period seconds for startupProbe | `10` |
| `startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` |
| `startupProbe.failureThreshold` | Failure threshold for startupProbe | `6` |
| `startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
| `livenessProbe.enabled` | Enable livenessProbe | `true` |
| `livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `600` |
| `livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` |
| `livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` |
| `livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` |
| `livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
| `readinessProbe.enabled` | Enable readinessProbe | `true` |
| `readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `30` |
| `readinessProbe.periodSeconds` | Period seconds for readinessProbe | `5` |
| `readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `3` |
| `readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` |
| `readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
| `customStartupProbe` | Override default startup probe | `{}` |
| `customLivenessProbe` | Override default liveness probe | `{}` |
| `customReadinessProbe` | Override default readiness probe | `{}` |
| `priorityClassName` | Define the priority class name to use for the phpbb pods | `""` |
| `schedulerName` | Name of the k8s scheduler (other than default) | `""` |
| `topologySpreadConstraints` | Topology Spread Constraints for pod assignment | `[]` |
| `lifecycleHooks` | LifecycleHook to set additional configuration before or after startup | `{}` |
| `podAnnotations` | Pod annotations | `{}` |
| `podLabels` | Pod extra labels | `{}` |
### Traffic Exposure Parameters

18
bitnami/phpbb/values.yaml
View File

@@ -315,14 +315,26 @@ podSecurityContext:
fsGroup: 1001
## Configure Container Security Context (only main container)
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
## @param containerSecurityContext.enabled Enable phpBB containers' Security Context
## @param containerSecurityContext.runAsUser phpBB containers' Security Context runAsUser
## @param containerSecurityContext.runAsNonRoot phpBB containers' Security Context runAsNonRoot
## @param containerSecurityContext.enabled Enabled containers' Security Context
## @param containerSecurityContext.runAsUser Set containers' Security Context runAsUser
## @param containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
## @param containerSecurityContext.privileged Set container's Security Context privileged
## @param containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
## @param containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation
## @param containerSecurityContext.capabilities.drop List of capabilities to be dropped
## @param containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
##
containerSecurityContext:
enabled: true
runAsUser: 1001
runAsNonRoot: true
privileged: false
readOnlyRootFilesystem: false
allowPrivilegeEscalation: false
capabilities:
drop: ["ALL"]
seccompProfile:
type: "RuntimeDefault"
## Configure extra options for startup probe
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
## @param startupProbe.enabled Enable startupProbe