mirror of
https://github.com/bitnami/charts.git
synced 2026-03-05 14:57:31 +08:00
[bitnami/kong] feat: ✨ 🔒 Release 10.7.1 and add readOnlyRootFilesystem support (#24063)
* [bitnami/kong] feat: ✨ 🔒 Add readOnlyRootFilesystem support Signed-off-by: Javier Salmeron Garcia <jsalmeron@vmware.com> * [bitnami/kong] Release 10.7.1 updating components versions Signed-off-by: Bitnami Containers <bitnami-bot@vmware.com> * Update CRDs automatically Signed-off-by: Bitnami Containers <bitnami-bot@vmware.com> * update rbac Signed-off-by: mauraza <gibone@vmware.com> * Update bundled PostgreSQL Signed-off-by: Carlos Rodríguez Hernández <carlosrh@vmware.com> * Update README.md with readme-generator-for-helm Signed-off-by: Bitnami Containers <bitnami-bot@vmware.com> * fix: 🚑 Remove merge issue Signed-off-by: Javier Salmeron Garcia <jsalmeron@vmware.com> * test: ✅ Update ownership Signed-off-by: Javier Salmeron Garcia <jsalmeron@vmware.com> * update image version Signed-off-by: mauraza <gibone@vmware.com> --------- Signed-off-by: Javier Salmeron Garcia <jsalmeron@vmware.com> Signed-off-by: Bitnami Containers <bitnami-bot@vmware.com> Signed-off-by: mauraza <gibone@vmware.com> Signed-off-by: Carlos Rodríguez Hernández <carlosrh@vmware.com> Co-authored-by: Javier Salmeron Garcia <jsalmeron@vmware.com> Co-authored-by: mauraza <gibone@vmware.com> Co-authored-by: Carlos Rodríguez Hernández <carlosrh@vmware.com>
This commit is contained in:
Bitnami Bot
@@ -14,7 +14,6 @@ file:
|
||||
exists: true
|
||||
filetype: file
|
||||
mode: '0644'
|
||||
owner: root
|
||||
contents:
|
||||
- /pg_user.*{{ .Vars.postgresql.auth.username }}/
|
||||
- /pg_database.*{{ .Vars.postgresql.auth.database }}/
|
||||
|
||||
@@ -1,12 +1,12 @@
|
||||
dependencies:
|
||||
- name: postgresql
|
||||
repository: oci://registry-1.docker.io/bitnamicharts
|
||||
version: 13.4.6
|
||||
version: 14.3.0
|
||||
- name: common
|
||||
repository: oci://registry-1.docker.io/bitnamicharts
|
||||
version: 2.18.0
|
||||
- name: cassandra
|
||||
repository: oci://registry-1.docker.io/bitnamicharts
|
||||
version: 10.11.2
|
||||
digest: sha256:6b384d9368a9f8bc3595842d03aa33f5436d391fa34404386971e56ef6e720e9
|
||||
generated: "2024-03-05T14:23:34.610760704+01:00"
|
||||
digest: sha256:e68c44100e0ec900e182ef91cc319e93ff92019729e476079e1114cd25ae1688
|
||||
generated: "2024-03-05T17:31:14.852359+01:00"
|
||||
|
||||
@@ -5,19 +5,19 @@ annotations:
|
||||
category: Infrastructure
|
||||
licenses: Apache-2.0
|
||||
images: |
|
||||
- name: kong-ingress-controller
|
||||
image: docker.io/bitnami/kong-ingress-controller:3.0.1-debian-11-r1
|
||||
- name: kong
|
||||
image: docker.io/bitnami/kong:3.4.2-debian-11-r1
|
||||
image: docker.io/bitnami/kong:3.6.1-debian-12-r1
|
||||
- name: kong-ingress-controller
|
||||
image: docker.io/bitnami/kong-ingress-controller:3.1.1-debian-12-r0
|
||||
- name: postgresql
|
||||
image: docker.io/bitnami/postgresql:14.10.0-debian-11-r18
|
||||
image: docker.io/bitnami/postgresql:14.11.0-debian-12-r6
|
||||
apiVersion: v2
|
||||
appVersion: 3.4.2
|
||||
appVersion: 3.6.1
|
||||
dependencies:
|
||||
- condition: postgresql.enabled
|
||||
name: postgresql
|
||||
repository: oci://registry-1.docker.io/bitnamicharts
|
||||
version: 13.x.x
|
||||
version: 14.x.x
|
||||
- name: common
|
||||
repository: oci://registry-1.docker.io/bitnamicharts
|
||||
tags:
|
||||
@@ -45,4 +45,4 @@ maintainers:
|
||||
name: kong
|
||||
sources:
|
||||
- https://github.com/bitnami/charts/tree/main/bitnami/kong
|
||||
version: 10.8.0
|
||||
version: 11.0.0
|
||||
|
||||
@@ -99,6 +99,7 @@ helm delete my-release
|
||||
| `containerSecurityContext.enabled` | Enabled containers' Security Context | `true` |
|
||||
| `containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` |
|
||||
| `containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` |
|
||||
| `containerSecurityContext.runAsGroup` | Set containers' Security Context runAsGroup | `0` |
|
||||
| `containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` |
|
||||
| `containerSecurityContext.privileged` | Set container's Security Context privileged | `false` |
|
||||
| `containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `false` |
|
||||
@@ -557,6 +558,10 @@ helm upgrade my-release oci://REGISTRY_NAME/REPOSITORY_NAME/kong \
|
||||
> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`.
|
||||
> Note: you need to substitute the placeholders _[POSTGRESQL_PASSWORD]_ with the values obtained from instructions in the installation notes.
|
||||
|
||||
### To 11.0.0
|
||||
|
||||
This major release bumps the PostgreSQL chart version to [14.x.x](https://github.com/bitnami/charts/pull/22750); no major issues are expected during the upgrade.
|
||||
|
||||
### To 10.0.0
|
||||
|
||||
This major updates the PostgreSQL subchart to its newest major, 13.0.0. [Here](https://github.com/bitnami/charts/tree/master/bitnami/postgresql#to-1300) you can find more information about the changes introduced in that version.
|
||||
|
||||
File diff suppressed because it is too large
Load Diff
@@ -106,6 +106,8 @@ spec:
|
||||
args: {{- include "common.tplvalues.render" (dict "value" .Values.kong.args "context" $) | nindent 12 }}
|
||||
{{- end }}
|
||||
env:
|
||||
- name: KONG_PREFIX
|
||||
value: /opt/bitnami/kong/server
|
||||
- name: BITNAMI_DEBUG
|
||||
value: {{ ternary "true" "false" (or .Values.image.debug .Values.diagnosticMode.enabled) | quote }}
|
||||
{{- if .Values.service.exposeAdmin }}
|
||||
@@ -236,6 +238,12 @@ spec:
|
||||
resources: {{- include "common.resources.preset" (dict "type" .Values.kong.resourcesPreset) | nindent 12 }}
|
||||
{{- end }}
|
||||
volumeMounts:
|
||||
- name: empty-dir
|
||||
mountPath: /tmp
|
||||
subPath: tmp-dir
|
||||
- name: empty-dir
|
||||
mountPath: /opt/bitnami/kong/server
|
||||
subPath: app-server-dir
|
||||
- name: health
|
||||
mountPath: /health
|
||||
{{- if .Values.metrics.enabled }}
|
||||
@@ -354,6 +362,9 @@ spec:
|
||||
volumeMounts:
|
||||
- name: health
|
||||
mountPath: /health
|
||||
- name: empty-dir
|
||||
mountPath: /tmp
|
||||
subPath: tmp-dir
|
||||
{{- if .Values.ingressController.extraVolumeMounts }}
|
||||
{{- include "common.tplvalues.render" (dict "value" .Values.ingressController.extraVolumeMounts "context" $) | nindent 12 }}
|
||||
{{- end }}
|
||||
@@ -362,6 +373,8 @@ spec:
|
||||
{{- include "common.tplvalues.render" (dict "value" .Values.sidecars "context" $) | nindent 8 }}
|
||||
{{- end }}
|
||||
volumes:
|
||||
- name: empty-dir
|
||||
emptyDir: {}
|
||||
- name: health
|
||||
configMap:
|
||||
name: {{ template "common.names.fullname" . }}-scripts
|
||||
|
||||
@@ -444,6 +444,54 @@ rules:
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
- apiGroups:
|
||||
- configuration.konghq.com
|
||||
resources:
|
||||
- konglicenses
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
- apiGroups:
|
||||
- configuration.konghq.com
|
||||
resources:
|
||||
- konglicenses/status
|
||||
verbs:
|
||||
- get
|
||||
- patch
|
||||
- update
|
||||
- apiGroups:
|
||||
- configuration.konghq.com
|
||||
resources:
|
||||
- kongclusterplugins
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
- apiGroups:
|
||||
- configuration.konghq.com
|
||||
resources:
|
||||
- kongclusterplugins/status
|
||||
verbs:
|
||||
- get
|
||||
- patch
|
||||
- update
|
||||
- apiGroups:
|
||||
- configuration.konghq.com
|
||||
resources:
|
||||
- kongvaults
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
- apiGroups:
|
||||
- configuration.konghq.com
|
||||
resources:
|
||||
- kongvaults/status
|
||||
verbs:
|
||||
- get
|
||||
- patch
|
||||
- update
|
||||
- apiGroups:
|
||||
- configuration.konghq.com
|
||||
resources:
|
||||
|
||||
@@ -48,6 +48,8 @@ spec:
|
||||
securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.containerSecurityContext "context" $) | nindent 12 }}
|
||||
{{- end }}
|
||||
env:
|
||||
- name: KONG_PREFIX
|
||||
value: /opt/bitnami/kong/server
|
||||
- name: KONG_MIGRATE
|
||||
value: "yes"
|
||||
- name: BITNAMI_DEBUG
|
||||
@@ -106,17 +108,25 @@ spec:
|
||||
name: {{ .Values.migration.extraEnvVarsSecret }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if .Values.migration.extraVolumeMounts }}
|
||||
volumeMounts:
|
||||
- name: empty-dir
|
||||
mountPath: /tmp
|
||||
subPath: tmp-dir
|
||||
- name: empty-dir
|
||||
mountPath: /opt/bitnami/kong/server
|
||||
subPath: app-server-dir
|
||||
{{- if .Values.migration.extraVolumeMounts }}
|
||||
{{- include "common.tplvalues.render" (dict "value" .Values.migration.extraVolumeMounts "context" $) | nindent 12 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if .Values.migration.resources }}
|
||||
resources: {{- toYaml .Values.migration.resources | nindent 12 }}
|
||||
{{- else if ne .Values.migration.resourcesPreset "none" }}
|
||||
resources: {{- include "common.resources.preset" (dict "type" .Values.migration.resourcesPreset) | nindent 12 }}
|
||||
{{- end }}
|
||||
{{- if .Values.extraVolumes }}
|
||||
volumes:
|
||||
{{- include "common.tplvalues.render" (dict "value" .Values.extraVolumes "context" $) | nindent 6 }}
|
||||
{{- end }}
|
||||
- name: empty-dir
|
||||
emptyDir: {}
|
||||
{{- if .Values.extraVolumes }}
|
||||
{{- include "common.tplvalues.render" (dict "value" .Values.extraVolumes "context" $) | nindent 6 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
@@ -82,7 +82,7 @@ diagnosticMode:
|
||||
image:
|
||||
registry: docker.io
|
||||
repository: bitnami/kong
|
||||
tag: 3.4.2-debian-11-r1
|
||||
tag: 3.6.1-debian-12-r2
|
||||
digest: ""
|
||||
## Specify a imagePullPolicy
|
||||
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
|
||||
@@ -117,6 +117,7 @@ replicaCount: 2
|
||||
## @param containerSecurityContext.enabled Enabled containers' Security Context
|
||||
## @param containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
|
||||
## @param containerSecurityContext.runAsUser Set containers' Security Context runAsUser
|
||||
## @param containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup
|
||||
## @param containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
|
||||
## @param containerSecurityContext.privileged Set container's Security Context privileged
|
||||
## @param containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
|
||||
@@ -128,6 +129,7 @@ containerSecurityContext:
|
||||
enabled: true
|
||||
seLinuxOptions: null
|
||||
runAsUser: 1001
|
||||
runAsGroup: 0
|
||||
runAsNonRoot: true
|
||||
privileged: false
|
||||
readOnlyRootFilesystem: false
|
||||
@@ -661,7 +663,7 @@ ingressController:
|
||||
image:
|
||||
registry: docker.io
|
||||
repository: bitnami/kong-ingress-controller
|
||||
tag: 3.0.1-debian-11-r1
|
||||
tag: 3.1.1-debian-12-r0
|
||||
digest: ""
|
||||
## Specify a imagePullPolicy
|
||||
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
|
||||
@@ -903,7 +905,7 @@ postgresql:
|
||||
image:
|
||||
registry: docker.io
|
||||
repository: bitnami/postgresql
|
||||
tag: 14.10.0-debian-11-r18
|
||||
tag: 14.11.0-debian-12-r6
|
||||
digest: ""
|
||||
auth:
|
||||
username: kong
|
||||
|
||||
Reference in New Issue
Block a user