mirror of
https://github.com/bitnami/charts.git
synced 2026-02-19 19:47:22 +08:00
[bitnami/contour-operator] Set readOnlyRootFileSystem by default (#9464)
* [bitnami/contour-operator] Set readOnlyRootFileSystem by default Signed-off-by: Miguel A. Cabrera Minagorri <mcabrera@vmware.com> * [bitnami/contour-operator] Update components versions Signed-off-by: Bitnami Containers <containers@bitnami.com> Co-authored-by: Bitnami Containers <containers@bitnami.com>
This commit is contained in:
Miguel Ángel Cabrera Miñagorri
committed by
GitHub
GitHub
parent
290069c529
commit
cf70e77bcb
@@ -1,6 +1,6 @@
|
||||
dependencies:
|
||||
- name: common
|
||||
repository: https://charts.bitnami.com/bitnami
|
||||
version: 1.11.3
|
||||
digest: sha256:d5f850d857edd58b32c0e10652f6ec3ce5018def5542f2bcef38fd7fa0079d6b
|
||||
generated: "2022-03-15T16:03:31.635580327Z"
|
||||
version: 1.12.0
|
||||
digest: sha256:7e484480451778c273e7a165dbfaa5594ec1c9a63a114ce9d458626cadd28893
|
||||
generated: "2022-03-17T15:30:17.618284001Z"
|
||||
|
||||
@@ -24,4 +24,4 @@ name: contour-operator
|
||||
sources:
|
||||
- https://github.com/projectcontour/contour-operator
|
||||
- https://github.com/bitnami/bitnami-docker-contour-operator
|
||||
version: 1.0.1
|
||||
version: 1.1.0
|
||||
|
||||
@@ -131,7 +131,7 @@ This solution allows to easily deploy multiple Contour instances compared to the
|
||||
### Global parameters
|
||||
|
||||
| Name | Description | Value |
|
||||
|:--------------------------|:------------------------------------------------|:------|
|
||||
| ------------------------- | ----------------------------------------------- | ----- |
|
||||
| `global.imageRegistry` | Global Docker image registry | `""` |
|
||||
| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` |
|
||||
| `global.storageClass` | Global StorageClass for Persistent Volume(s) | `""` |
|
||||
@@ -140,7 +140,7 @@ This solution allows to easily deploy multiple Contour instances compared to the
|
||||
### Common parameters
|
||||
|
||||
| Name | Description | Value |
|
||||
|:--------------------|:---------------------------------------------------|:------|
|
||||
| ------------------- | -------------------------------------------------- | ----- |
|
||||
| `kubeVersion` | Override Kubernetes version | `""` |
|
||||
| `nameOverride` | String to partially override common.names.fullname | `""` |
|
||||
| `fullnameOverride` | String to fully override common.names.fullname | `""` |
|
||||
@@ -151,83 +151,84 @@ This solution allows to easily deploy multiple Contour instances compared to the
|
||||
|
||||
### Contour Operator Parameters
|
||||
|
||||
| Name | Description | Value |
|
||||
|:----------------------------------------|:-------------------------------------------------------------------------------------------------------------------------|:---------------------------|
|
||||
| `image.registry` | Contour Operator image registry | `docker.io` |
|
||||
| `image.repository` | Contour Operator image repository | `bitnami/contour-operator` |
|
||||
| `image.tag` | Contour Operator image tag (immutable tags are recommended) | `1.19.1-scratch-r3` |
|
||||
| `image.pullPolicy` | Contour Operator image pull policy | `IfNotPresent` |
|
||||
| `image.pullSecrets` | Contour Operator image pull secrets | `[]` |
|
||||
| `contourImage.registry` | Contour Image registry | `docker.io` |
|
||||
| `contourImage.repository` | Contour Image repository | `bitnami/contour` |
|
||||
| `contourImage.tag` | Contour Image tag (immutable tags are recommended) | `1.19.1-debian-10-r63` |
|
||||
| `contourImage.pullSecrets` | Contour Image pull secrets | `[]` |
|
||||
| `envoyImage.registry` | Envoy Image registry | `docker.io` |
|
||||
| `envoyImage.repository` | Envoy Image repository | `bitnami/envoy` |
|
||||
| `envoyImage.tag` | Envoy Image tag (immutable tags are recommended) | `1.19.1-debian-10-r136` |
|
||||
| `envoyImage.pullSecrets` | Envoy Image pull secrets | `[]` |
|
||||
| `replicaCount` | Number of Contour Operator replicas to deploy | `1` |
|
||||
| `livenessProbe.enabled` | Enable livenessProbe on Contour Operator nodes | `true` |
|
||||
| `livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `5` |
|
||||
| `livenessProbe.periodSeconds` | Period seconds for livenessProbe | `30` |
|
||||
| `livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` |
|
||||
| `livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `5` |
|
||||
| `livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
|
||||
| `readinessProbe.enabled` | Enable readinessProbe on Contour Operator nodes | `true` |
|
||||
| `readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` |
|
||||
| `readinessProbe.periodSeconds` | Period seconds for readinessProbe | `30` |
|
||||
| `readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` |
|
||||
| `readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `5` |
|
||||
| `readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
|
||||
| `startupProbe.enabled` | Enable startupProbe on Contour Operator nodes | `false` |
|
||||
| `startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `5` |
|
||||
| `startupProbe.periodSeconds` | Period seconds for startupProbe | `30` |
|
||||
| `startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` |
|
||||
| `startupProbe.failureThreshold` | Failure threshold for startupProbe | `5` |
|
||||
| `startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
|
||||
| `customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` |
|
||||
| `customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` |
|
||||
| `customStartupProbe` | Custom startupProbe that overrides the default one | `{}` |
|
||||
| `resources.limits` | The resources limits for the Contour Operator containers | `{}` |
|
||||
| `resources.requests` | The requested resources for the Contour Operator containers | `{}` |
|
||||
| `podSecurityContext.enabled` | Enabled Contour Operator pods' Security Context | `true` |
|
||||
| `podSecurityContext.fsGroup` | Set Contour Operator pod's Security Context fsGroup | `1001` |
|
||||
| `containerSecurityContext.enabled` | Enabled Contour Operator containers' Security Context | `true` |
|
||||
| `containerSecurityContext.runAsUser` | Set Contour Operator containers' Security Context runAsUser | `1001` |
|
||||
| `containerSecurityContext.runAsNonRoot` | Set Contour Operator containers' Security Context runAsNonRoot | `true` |
|
||||
| `command` | Override default container command (useful when using custom images) | `[]` |
|
||||
| `args` | Override default container args (useful when using custom images) | `[]` |
|
||||
| `hostAliases` | Contour Operator pods host aliases | `[]` |
|
||||
| `schedulerName` | Name of the Kubernetes scheduler (other than default) | `""` |
|
||||
| `podLabels` | Extra labels for Contour Operator pods | `{}` |
|
||||
| `podAnnotations` | Annotations for Contour Operator pods | `{}` |
|
||||
| `podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
|
||||
| `podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` |
|
||||
| `nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
|
||||
| `nodeAffinityPreset.key` | Node label key to match. Ignored if `affinity` is set | `""` |
|
||||
| `nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set | `[]` |
|
||||
| `affinity` | Affinity for Contour Operator pods assignment | `{}` |
|
||||
| `nodeSelector` | Node labels for Contour Operator pods assignment | `{}` |
|
||||
| `tolerations` | Tolerations for Contour Operator pods assignment | `[]` |
|
||||
| `updateStrategy.type` | Contour Operator deployment strategy type | `RollingUpdate` |
|
||||
| `priorityClassName` | Contour Operator pods' priorityClassName | `""` |
|
||||
| `lifecycleHooks` | for the Contour Operator container(s) to automate configuration before or after startup | `{}` |
|
||||
| `terminationGracePeriodSeconds` | Termination grace period in seconds | `""` |
|
||||
| `topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template | `[]` |
|
||||
| `containerPorts.metrics` | Metrics port for the Contour Operator container | `8080` |
|
||||
| `extraEnvVars` | Array with extra environment variables to add to Contour Operator nodes | `[]` |
|
||||
| `extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for Contour Operator nodes | `""` |
|
||||
| `extraEnvVarsSecret` | Name of existing Secret containing extra env vars for Contour Operator nodes | `""` |
|
||||
| `extraVolumes` | Optionally specify extra list of additional volumes for the Contour Operator pod(s) | `[]` |
|
||||
| `extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the Contour Operator container(s) | `[]` |
|
||||
| `sidecars` | Add additional sidecar containers to the Contour Operator pod(s) | `[]` |
|
||||
| `initContainers` | Add additional init containers to the Contour Operator pod(s) | `[]` |
|
||||
| Name | Description | Value |
|
||||
| ------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------ | -------------------------- |
|
||||
| `image.registry` | Contour Operator image registry | `docker.io` |
|
||||
| `image.repository` | Contour Operator image repository | `bitnami/contour-operator` |
|
||||
| `image.tag` | Contour Operator image tag (immutable tags are recommended) | `1.20.1-scratch-r1` |
|
||||
| `image.pullPolicy` | Contour Operator image pull policy | `IfNotPresent` |
|
||||
| `image.pullSecrets` | Contour Operator image pull secrets | `[]` |
|
||||
| `contourImage.registry` | Contour Image registry | `docker.io` |
|
||||
| `contourImage.repository` | Contour Image repository | `bitnami/contour` |
|
||||
| `contourImage.tag` | Contour Image tag (immutable tags are recommended) | `1.20.1-debian-10-r19` |
|
||||
| `contourImage.pullSecrets` | Contour Image pull secrets | `[]` |
|
||||
| `envoyImage.registry` | Envoy Image registry | `docker.io` |
|
||||
| `envoyImage.repository` | Envoy Image repository | `bitnami/envoy` |
|
||||
| `envoyImage.tag` | Envoy Image tag (immutable tags are recommended) | `1.21.1-debian-10-r20` |
|
||||
| `envoyImage.pullSecrets` | Envoy Image pull secrets | `[]` |
|
||||
| `replicaCount` | Number of Contour Operator replicas to deploy | `1` |
|
||||
| `livenessProbe.enabled` | Enable livenessProbe on Contour Operator nodes | `true` |
|
||||
| `livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `5` |
|
||||
| `livenessProbe.periodSeconds` | Period seconds for livenessProbe | `30` |
|
||||
| `livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` |
|
||||
| `livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `5` |
|
||||
| `livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
|
||||
| `readinessProbe.enabled` | Enable readinessProbe on Contour Operator nodes | `true` |
|
||||
| `readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` |
|
||||
| `readinessProbe.periodSeconds` | Period seconds for readinessProbe | `30` |
|
||||
| `readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` |
|
||||
| `readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `5` |
|
||||
| `readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
|
||||
| `startupProbe.enabled` | Enable startupProbe on Contour Operator nodes | `false` |
|
||||
| `startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `5` |
|
||||
| `startupProbe.periodSeconds` | Period seconds for startupProbe | `30` |
|
||||
| `startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` |
|
||||
| `startupProbe.failureThreshold` | Failure threshold for startupProbe | `5` |
|
||||
| `startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
|
||||
| `customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` |
|
||||
| `customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` |
|
||||
| `customStartupProbe` | Custom startupProbe that overrides the default one | `{}` |
|
||||
| `resources.limits` | The resources limits for the Contour Operator containers | `{}` |
|
||||
| `resources.requests` | The requested resources for the Contour Operator containers | `{}` |
|
||||
| `podSecurityContext.enabled` | Enabled Contour Operator pods' Security Context | `true` |
|
||||
| `podSecurityContext.fsGroup` | Set Contour Operator pod's Security Context fsGroup | `1001` |
|
||||
| `containerSecurityContext.enabled` | Enabled Contour Operator containers' Security Context | `true` |
|
||||
| `containerSecurityContext.runAsUser` | Set Contour Operator containers' Security Context runAsUser | `1001` |
|
||||
| `containerSecurityContext.runAsNonRoot` | Set Contour Operator containers' Security Context runAsNonRoot | `true` |
|
||||
| `containerSecurityContext.readOnlyRootFilesystem` | Mount / (root) as a readonly filesystem on Contour Operator containers | `true` |
|
||||
| `command` | Override default container command (useful when using custom images) | `[]` |
|
||||
| `args` | Override default container args (useful when using custom images) | `[]` |
|
||||
| `hostAliases` | Contour Operator pods host aliases | `[]` |
|
||||
| `schedulerName` | Name of the Kubernetes scheduler (other than default) | `""` |
|
||||
| `podLabels` | Extra labels for Contour Operator pods | `{}` |
|
||||
| `podAnnotations` | Annotations for Contour Operator pods | `{}` |
|
||||
| `podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
|
||||
| `podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` |
|
||||
| `nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
|
||||
| `nodeAffinityPreset.key` | Node label key to match. Ignored if `affinity` is set | `""` |
|
||||
| `nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set | `[]` |
|
||||
| `affinity` | Affinity for Contour Operator pods assignment | `{}` |
|
||||
| `nodeSelector` | Node labels for Contour Operator pods assignment | `{}` |
|
||||
| `tolerations` | Tolerations for Contour Operator pods assignment | `[]` |
|
||||
| `updateStrategy.type` | Contour Operator deployment strategy type | `RollingUpdate` |
|
||||
| `priorityClassName` | Contour Operator pods' priorityClassName | `""` |
|
||||
| `lifecycleHooks` | for the Contour Operator container(s) to automate configuration before or after startup | `{}` |
|
||||
| `terminationGracePeriodSeconds` | Termination grace period in seconds | `""` |
|
||||
| `topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template | `[]` |
|
||||
| `containerPorts.metrics` | Metrics port for the Contour Operator container | `8080` |
|
||||
| `extraEnvVars` | Array with extra environment variables to add to Contour Operator nodes | `[]` |
|
||||
| `extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for Contour Operator nodes | `""` |
|
||||
| `extraEnvVarsSecret` | Name of existing Secret containing extra env vars for Contour Operator nodes | `""` |
|
||||
| `extraVolumes` | Optionally specify extra list of additional volumes for the Contour Operator pod(s) | `[]` |
|
||||
| `extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the Contour Operator container(s) | `[]` |
|
||||
| `sidecars` | Add additional sidecar containers to the Contour Operator pod(s) | `[]` |
|
||||
| `initContainers` | Add additional init containers to the Contour Operator pod(s) | `[]` |
|
||||
|
||||
|
||||
### Other Parameters
|
||||
|
||||
| Name | Description | Value |
|
||||
|:----------------------------------------------|:-----------------------------------------------------|:-------|
|
||||
| --------------------------------------------- | ---------------------------------------------------- | ------ |
|
||||
| `rbac.create` | Specifies whether RBAC resources should be created | `true` |
|
||||
| `serviceAccount.create` | Specifies whether a ServiceAccount should be created | `true` |
|
||||
| `serviceAccount.name` | The name of the ServiceAccount to use. | `""` |
|
||||
@@ -237,7 +238,7 @@ This solution allows to easily deploy multiple Contour instances compared to the
|
||||
### Metrics parameters
|
||||
|
||||
| Name | Description | Value |
|
||||
|:-------------------------------------------|:---------------------------------------------------------------------------------|:------------|
|
||||
| ------------------------------------------ | -------------------------------------------------------------------------------- | ----------- |
|
||||
| `metrics.enabled` | Create a service for accessing the metrics endpoint | `false` |
|
||||
| `metrics.service.type` | Contour Operator metrics service type | `ClusterIP` |
|
||||
| `metrics.service.ports.http` | Contour Operator metrics service HTTP port | `80` |
|
||||
|
||||
@@ -53,7 +53,7 @@ extraDeploy: []
|
||||
image:
|
||||
registry: docker.io
|
||||
repository: bitnami/contour-operator
|
||||
tag: 1.20.1-scratch-r1
|
||||
tag: 1.20.1-scratch-r2
|
||||
## Specify a imagePullPolicy
|
||||
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
|
||||
## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images
|
||||
@@ -78,7 +78,7 @@ image:
|
||||
contourImage:
|
||||
registry: docker.io
|
||||
repository: bitnami/contour
|
||||
tag: 1.20.1-debian-10-r19
|
||||
tag: 1.20.1-debian-10-r22
|
||||
## Optionally specify an array of imagePullSecrets.
|
||||
## Secrets must be manually created in the namespace.
|
||||
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-contourImage-private-registry/
|
||||
@@ -98,7 +98,7 @@ contourImage:
|
||||
envoyImage:
|
||||
registry: docker.io
|
||||
repository: bitnami/envoy
|
||||
tag: 1.21.1-debian-10-r20
|
||||
tag: 1.21.1-debian-10-r23
|
||||
## Optionally specify an array of imagePullSecrets.
|
||||
## Secrets must be manually created in the namespace.
|
||||
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-envoyImage-private-registry/
|
||||
@@ -192,11 +192,13 @@ podSecurityContext:
|
||||
## @param containerSecurityContext.enabled Enabled Contour Operator containers' Security Context
|
||||
## @param containerSecurityContext.runAsUser Set Contour Operator containers' Security Context runAsUser
|
||||
## @param containerSecurityContext.runAsNonRoot Set Contour Operator containers' Security Context runAsNonRoot
|
||||
## @param containerSecurityContext.readOnlyRootFilesystem Mount / (root) as a readonly filesystem on Contour Operator containers
|
||||
##
|
||||
containerSecurityContext:
|
||||
enabled: true
|
||||
runAsUser: 1001
|
||||
runAsNonRoot: true
|
||||
readOnlyRootFilesystem: true
|
||||
|
||||
## @param command Override default container command (useful when using custom images)
|
||||
##
|
||||
|
||||
Reference in New Issue
Block a user