diff --git a/bitnami/phpbb/Chart.lock b/bitnami/phpbb/Chart.lock
index 0e094f532f..56eed4594d 100644
--- a/bitnami/phpbb/Chart.lock
+++ b/bitnami/phpbb/Chart.lock
@@ -1,9 +1,9 @@
 dependencies:
 - name: mariadb
 repository: oci://registry-1.docker.io/bitnamicharts
- version: 14.0.3
+ version: 14.1.0
 - name: common
 repository: oci://registry-1.docker.io/bitnamicharts
 version: 2.13.3
-digest: sha256:4307bb7fbb0b6b539dabb1b43f2a098fe3349806ea62150c97df0227a07a5cc3
-generated: "2023-10-22T17:39:19.172423104Z"
+digest: sha256:ed18965f3ec543d94074f9ce7d71e9dd607ae50eac145184698b6cc1e1b175ef
+generated: "2023-10-30T16:25:33.843030432+01:00"
diff --git a/bitnami/phpbb/Chart.yaml b/bitnami/phpbb/Chart.yaml
index a7555bc6b0..d384b1d27c 100644
--- a/bitnami/phpbb/Chart.yaml
+++ b/bitnami/phpbb/Chart.yaml
@@ -37,4 +37,4 @@ maintainers:
 name: phpbb
 sources:
 - https://github.com/bitnami/charts/tree/main/bitnami/phpbb
-version: 15.0.2
+version: 15.1.0
diff --git a/bitnami/phpbb/README.md b/bitnami/phpbb/README.md
index a437bb0a7a..70d66e1002 100644
--- a/bitnami/phpbb/README.md
+++ b/bitnami/phpbb/README.md
@@ -81,96 +81,101 @@ The command removes all the Kubernetes components associated with the chart and ### phpBB parameters -| Name | Description | Value | -| --------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------- | -| `image.registry` | phpBB image registry | `REGISTRY_NAME` | -| `image.repository` | phpBB image repository | `REPOSITORY_NAME/phpbb` | -| `image.digest` | phpBB image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | -| `image.pullPolicy` | phpBB image pull policy | `IfNotPresent` | -| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | -| `image.debug` | Specify if debug logs should be enabled | `false` | -| `replicaCount` | Number of replicas (requires ReadWriteMany PVC support) | `1` | -| `phpbbSkipInstall` | Skip phpBB installation wizard. Useful for migrations and restoring from SQL dump | `no` | -| `phpbbDisableSessionValidation` | Disable session validation | `yes` | -| `phpbbUsername` | User of the application | `user` | -| `phpbbPassword` | Application password | `""` | -| `phpbbEmail` | Admin email | `user@example.com` | -| `allowEmptyPassword` | Allow DB blank passwords | `no` | -| `command` | Override default container command (useful when using custom images) | `[]` | -| `args` | Override default container args (useful when using custom images) | `[]` | -| `hostAliases` | Add deployment host aliases | `[]` | -| `updateStrategy.type` | Update strategy - only really applicable for deployments with RWO PVs attached | `RollingUpdate` | -| `extraEnvVars` | An array to add extra env vars | `[]` | -| `extraEnvVarsCM` | ConfigMap with extra environment variables | `""` | -| `extraEnvVarsSecret` | Secret with extra environment variables | `""` | -| `extraVolumes` | Extra volumes to add to the deployment. 
Requires setting `extraVolumeMounts` | `[]` | -| `extraVolumeMounts` | Extra volume mounts to add to the container. Normally used with `extraVolumes` | `[]` | -| `initContainers` | Extra init containers to add to the deployment | `[]` | -| `sidecars` | Extra sidecar containers to add to the deployment | `[]` | -| `tolerations` | Tolerations for pod assignment | `[]` | -| `existingSecret` | Use existing secret for the application password | `""` | -| `volumePermissions.enabled` | Enable init container that changes volume permissions in the data directory (for cases where the default k8s `runAsUser` and `fsUser` values do not work) | `false` | -| `volumePermissions.image.registry` | Init container volume-permissions image registry | `REGISTRY_NAME` | -| `volumePermissions.image.repository` | Init container volume-permissions image repository | `REPOSITORY_NAME/os-shell` | -| `volumePermissions.image.digest` | Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | -| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` | -| `volumePermissions.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | -| `volumePermissions.resources.limits` | The resources limits for the container | `{}` | -| `volumePermissions.resources.requests` | The requested resources for the container | `{}` | -| `smtpHost` | SMTP host | `""` | -| `smtpPort` | SMTP port | `""` | -| `smtpUser` | SMTP user | `""` | -| `smtpPassword` | SMTP password | `""` | -| `smtpProtocol` | SMTP Protocol (options: ssl,tls, nil) | `""` | -| `containerPorts` | Container ports | `{}` | -| `persistence.enabled` | Enable persistence using PVC | `true` | -| `persistence.storageClass` | Database data Persistent Volume Storage Class | `""` | -| `persistence.accessModes` | PVC Access Mode for phpBB volume | `["ReadWriteOnce"]` | -| `persistence.size` | PVC Storage 
Request for phpBB volume | `8Gi` | -| `persistence.existingClaim` | A manually managed Persistent Volume Claim | `""` | -| `persistence.hostPath` | Host mount path for phpBB volume | `""` | -| `persistence.annotations` | Persistent Volume Claim annotations | `{}` | -| `podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `nodeAffinityPreset.key` | Node label key to match Ignored if `affinity` is set. | `""` | -| `nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set. | `[]` | -| `affinity` | Affinity for pod assignment. Evaluated as a template. | `{}` | -| `nodeSelector` | Node labels for pod assignment. Evaluated as a template. | `{}` | -| `resources.requests` | The requested resources for the container | `{}` | -| `resources.limits` | The resources limits for the container | `{}` | -| `podSecurityContext.enabled` | Enable phpBB pods' Security Context | `true` | -| `podSecurityContext.fsGroup` | phpBB pods' group ID | `1001` | -| `containerSecurityContext.enabled` | Enable phpBB containers' Security Context | `true` | -| `containerSecurityContext.runAsUser` | phpBB containers' Security Context runAsUser | `1001` | -| `containerSecurityContext.runAsNonRoot` | phpBB containers' Security Context runAsNonRoot | `true` | -| `startupProbe.enabled` | Enable startupProbe | `false` | -| `startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `600` | -| `startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | -| `startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` | -| `startupProbe.failureThreshold` | Failure threshold for startupProbe | `6` | -| 
`startupProbe.successThreshold` | Success threshold for startupProbe | `1` | -| `livenessProbe.enabled` | Enable livenessProbe | `true` | -| `livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `600` | -| `livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | -| `livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | -| `livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` | -| `livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `readinessProbe.enabled` | Enable readinessProbe | `true` | -| `readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `30` | -| `readinessProbe.periodSeconds` | Period seconds for readinessProbe | `5` | -| `readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `3` | -| `readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` | -| `readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `customStartupProbe` | Override default startup probe | `{}` | -| `customLivenessProbe` | Override default liveness probe | `{}` | -| `customReadinessProbe` | Override default readiness probe | `{}` | -| `priorityClassName` | Define the priority class name to use for the phpbb pods | `""` | -| `schedulerName` | Name of the k8s scheduler (other than default) | `""` | -| `topologySpreadConstraints` | Topology Spread Constraints for pod assignment | `[]` | -| `lifecycleHooks` | LifecycleHook to set additional configuration before or after startup | `{}` | -| `podAnnotations` | Pod annotations | `{}` | -| `podLabels` | Pod extra labels | `{}` | +| Name | Description | Value | +| --------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------- | +| `image.registry` | phpBB image registry | 
`REGISTRY_NAME` | +| `image.repository` | phpBB image repository | `REPOSITORY_NAME/phpbb` | +| `image.digest` | phpBB image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | +| `image.pullPolicy` | phpBB image pull policy | `IfNotPresent` | +| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | +| `image.debug` | Specify if debug logs should be enabled | `false` | +| `replicaCount` | Number of replicas (requires ReadWriteMany PVC support) | `1` | +| `phpbbSkipInstall` | Skip phpBB installation wizard. Useful for migrations and restoring from SQL dump | `no` | +| `phpbbDisableSessionValidation` | Disable session validation | `yes` | +| `phpbbUsername` | User of the application | `user` | +| `phpbbPassword` | Application password | `""` | +| `phpbbEmail` | Admin email | `user@example.com` | +| `allowEmptyPassword` | Allow DB blank passwords | `no` | +| `command` | Override default container command (useful when using custom images) | `[]` | +| `args` | Override default container args (useful when using custom images) | `[]` | +| `hostAliases` | Add deployment host aliases | `[]` | +| `updateStrategy.type` | Update strategy - only really applicable for deployments with RWO PVs attached | `RollingUpdate` | +| `extraEnvVars` | An array to add extra env vars | `[]` | +| `extraEnvVarsCM` | ConfigMap with extra environment variables | `""` | +| `extraEnvVarsSecret` | Secret with extra environment variables | `""` | +| `extraVolumes` | Extra volumes to add to the deployment. Requires setting `extraVolumeMounts` | `[]` | +| `extraVolumeMounts` | Extra volume mounts to add to the container. 
Normally used with `extraVolumes` | `[]` | +| `initContainers` | Extra init containers to add to the deployment | `[]` | +| `sidecars` | Extra sidecar containers to add to the deployment | `[]` | +| `tolerations` | Tolerations for pod assignment | `[]` | +| `existingSecret` | Use existing secret for the application password | `""` | +| `volumePermissions.enabled` | Enable init container that changes volume permissions in the data directory (for cases where the default k8s `runAsUser` and `fsUser` values do not work) | `false` | +| `volumePermissions.image.registry` | Init container volume-permissions image registry | `REGISTRY_NAME` | +| `volumePermissions.image.repository` | Init container volume-permissions image repository | `REPOSITORY_NAME/os-shell` | +| `volumePermissions.image.digest` | Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | +| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` | +| `volumePermissions.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | +| `volumePermissions.resources.limits` | The resources limits for the container | `{}` | +| `volumePermissions.resources.requests` | The requested resources for the container | `{}` | +| `smtpHost` | SMTP host | `""` | +| `smtpPort` | SMTP port | `""` | +| `smtpUser` | SMTP user | `""` | +| `smtpPassword` | SMTP password | `""` | +| `smtpProtocol` | SMTP Protocol (options: ssl,tls, nil) | `""` | +| `containerPorts` | Container ports | `{}` | +| `persistence.enabled` | Enable persistence using PVC | `true` | +| `persistence.storageClass` | Database data Persistent Volume Storage Class | `""` | +| `persistence.accessModes` | PVC Access Mode for phpBB volume | `["ReadWriteOnce"]` | +| `persistence.size` | PVC Storage Request for phpBB volume | `8Gi` | +| `persistence.existingClaim` | A manually managed Persistent Volume Claim | 
`""` | +| `persistence.hostPath` | Host mount path for phpBB volume | `""` | +| `persistence.annotations` | Persistent Volume Claim annotations | `{}` | +| `podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` | +| `nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `nodeAffinityPreset.key` | Node label key to match Ignored if `affinity` is set. | `""` | +| `nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set. | `[]` | +| `affinity` | Affinity for pod assignment. Evaluated as a template. | `{}` | +| `nodeSelector` | Node labels for pod assignment. Evaluated as a template. | `{}` | +| `resources.requests` | The requested resources for the container | `{}` | +| `resources.limits` | The resources limits for the container | `{}` | +| `podSecurityContext.enabled` | Enable phpBB pods' Security Context | `true` | +| `podSecurityContext.fsGroup` | phpBB pods' group ID | `1001` | +| `containerSecurityContext.enabled` | Enabled containers' Security Context | `true` | +| `containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` | +| `containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` | +| `containerSecurityContext.privileged` | Set container's Security Context privileged | `false` | +| `containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `false` | +| `containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` | +| `containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` | +| `containerSecurityContext.seccompProfile.type` | Set container's Security 
Context seccomp profile | `RuntimeDefault` | +| `startupProbe.enabled` | Enable startupProbe | `false` | +| `startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `600` | +| `startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | +| `startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` | +| `startupProbe.failureThreshold` | Failure threshold for startupProbe | `6` | +| `startupProbe.successThreshold` | Success threshold for startupProbe | `1` | +| `livenessProbe.enabled` | Enable livenessProbe | `true` | +| `livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `600` | +| `livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | +| `livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | +| `livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` | +| `livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | +| `readinessProbe.enabled` | Enable readinessProbe | `true` | +| `readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `30` | +| `readinessProbe.periodSeconds` | Period seconds for readinessProbe | `5` | +| `readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `3` | +| `readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` | +| `readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | +| `customStartupProbe` | Override default startup probe | `{}` | +| `customLivenessProbe` | Override default liveness probe | `{}` | +| `customReadinessProbe` | Override default readiness probe | `{}` | +| `priorityClassName` | Define the priority class name to use for the phpbb pods | `""` | +| `schedulerName` | Name of the k8s scheduler (other than default) | `""` | +| `topologySpreadConstraints` | Topology Spread Constraints for pod assignment | `[]` | +| `lifecycleHooks` | LifecycleHook to set additional configuration before or 
after startup | `{}` | +| `podAnnotations` | Pod annotations | `{}` | +| `podLabels` | Pod extra labels | `{}` | ### Traffic Exposure Parameters diff --git a/bitnami/phpbb/values.yaml b/bitnami/phpbb/values.yaml index 25cdb97d4f..7a763ffbc1 100644 --- a/bitnami/phpbb/values.yaml +++ b/bitnami/phpbb/values.yaml 
@@ -315,14 +315,26 @@ podSecurityContext:
 fsGroup: 1001
 ## Configure Container Security Context (only main container)
 ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
-## @param containerSecurityContext.enabled Enable phpBB containers' Security Context
-## @param containerSecurityContext.runAsUser phpBB containers' Security Context runAsUser
-## @param containerSecurityContext.runAsNonRoot phpBB containers' Security Context runAsNonRoot
+## @param containerSecurityContext.enabled Enabled containers' Security Context
+## @param containerSecurityContext.runAsUser Set containers' Security Context runAsUser
+## @param containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
+## @param containerSecurityContext.privileged Set container's Security Context privileged
+## @param containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
+## @param containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation
+## @param containerSecurityContext.capabilities.drop List of capabilities to be dropped
+## @param containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
 ##
 containerSecurityContext:
 enabled: true
 runAsUser: 1001
 runAsNonRoot: true
+ privileged: false
+ readOnlyRootFilesystem: false
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop: ["ALL"]
+ seccompProfile:
+ type: "RuntimeDefault"
 ## Configure extra options for startup probe
 ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
 ## @param startupProbe.enabled Enable startupProbe
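Review bot: `readOnlyRootFilesystem: false` is the one new default under `containerSecurityContext` that hardens nothing, and the hunk gives no reason for leaving the root filesystem writable. If the image needs writable paths outside the persistent volume (not visible here), I would record that above the key, e.g. `## NOTE: readOnlyRootFilesystem stays false because <reason>; to enable it, mount writable emptyDir volumes via extraVolumes/extraVolumeMounts`. The other new defaults (`capabilities.drop: ["ALL"]`, `seccompProfile.type: "RuntimeDefault"`) will presumably take effect on existing releases at upgrade, which can break custom images or `command` overrides that relied on default capabilities; no upgrade note is visible in this diff, so a short entry in the README would help. The first `@param` description also reads `Enabled containers' Security Context` where `Enable` is meant, and the descriptions mix `containers'` with `container's`.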