Bitnami/charts
2
0
Fork 0
mirror of https://github.com/bitnami/charts.git synced 2026-03-16 06:47:30 +08:00
Code Issues Packages Projects Releases Wiki Activity

[bitnami/aspnet-core] feat: 🔒 Add automatic adaptation for Openshift restricted-v2 SCC (#24066)

Browse Source 
* [bitnami/aspnet-core] feat:  🔒 Add automatic adaptation for Openshift restricted-v2 SCC

Signed-off-by: Javier Salmeron Garcia <jsalmeron@vmware.com>

* chore: ♻️ Adapt securityContext to most recent standard

Signed-off-by: Javier Salmeron Garcia <jsalmeron@vmware.com>

---------

Signed-off-by: Javier Salmeron Garcia <jsalmeron@vmware.com>
This commit is contained in:
Javier J. Salmerón-García
2024-03-06 15:09:03 +01:00
committed by GitHub
parent 690927b8e5
commit b9201f64c1
5 changed files with 21 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
bitnami/aspnet-core/Chart.lock
View File

@@ -1,6 +1,6 @@
dependencies:
- name: common
repository: oci://registry-1.docker.io/bitnamicharts
version: 2.16.1
digest: sha256:f808a6fdc9c374d158ad7ff2f2c53a6c409e41da778d768b232dd20f86ef8b47
generated: "2024-02-21T11:44:08.121250117Z"
version: 2.18.0
digest: sha256:f489ae7394a4eceb24fb702901483c67a5b4fff605f19d5e2545e3a6778e1280
generated: "2024-03-05T13:25:07.31092764+01:00"

2
bitnami/aspnet-core/Chart.yaml
View File

@@ -31,4 +31,4 @@ maintainers:
name: aspnet-core
sources:
- https://github.com/bitnami/charts/tree/main/bitnami/aspnet-core
version: 5.6.2
version: 5.7.0

11
bitnami/aspnet-core/README.md
View File

@@ -55,11 +55,12 @@ The command removes all the Kubernetes components associated with the chart and
### Global parameters
| Name | Description | Value |
| ------------------------- | ----------------------------------------------- | ----- |
| `global.imageRegistry` | Global Docker image registry | `""` |
| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` |
| `global.storageClass` | Global StorageClass for Persistent Volume(s) | `""` |
| Name | Description | Value |
| ----------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------- |
| `global.imageRegistry` | Global Docker image registry | `""` |
| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` |
| `global.storageClass` | Global StorageClass for Persistent Volume(s) | `""` |
| `global.compatibility.openshift.adaptSecurityContext` | Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation) | `disabled` |
### Common parameters

11
bitnami/aspnet-core/templates/deployment.yaml
View File

@@ -57,12 +57,7 @@ spec:
priorityClassName: {{ .Values.priorityClassName | quote }}
{{- end }}
{{- if .Values.podSecurityContext.enabled }}
securityContext:
fsGroup: {{ .Values.podSecurityContext.fsGroup }}
{{- if .Values.podSecurityContext.sysctls }}
sysctls:
{{- toYaml .Values.podSecurityContext.sysctls | nindent 10 }}
{{- end }}
securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.podSecurityContext "context" $) | nindent 8 }}
{{- end }}
{{- if or .Values.appFromExternalRepo.enabled .Values.initContainers }}
initContainers:
@@ -107,9 +102,7 @@ spec:
image: {{ include "aspnet-core.image" . }}
imagePullPolicy: {{ .Values.image.pullPolicy | quote }}
{{- if .Values.containerSecurityContext.enabled }}
securityContext:
runAsUser: {{ .Values.containerSecurityContext.runAsUser }}
runAsNonRoot: {{ .Values.containerSecurityContext.runAsNonRoot }}
securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.containerSecurityContext "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.lifecycleHooks }}
lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.lifecycleHooks "context" $) | nindent 12 }}

9
bitnami/aspnet-core/values.yaml
View File

@@ -19,6 +19,15 @@ global:
##
imagePullSecrets: []
storageClass: ""
## Compatibility adaptations for Kubernetes platforms
##
compatibility:
## Compatibility adaptations for Openshift
##
openshift:
## @param global.compatibility.openshift.adaptSecurityContext Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation)
##
adaptSecurityContext: disabled
## @section Common parameters
##